Public bug reported:

[Summary]

dockerd has a umask of 0177 when running inside an lxd container. This
causes the files created in /var/lib/docker to only be accessible by
root, which in turn causes permission errors for non-root users within
the docker containers.

[Machines]

Installed docker.io both inside a lxd container and inside a VirtualBox
virtual machine.

1. LXD

Host running: Ubuntu 16.04.2 LTS, lxd 2.15-0ubuntu6~ubuntu16.04.1
LXD container: Ubuntu 16.04.2 LTS, docker.io 1.12.6-0ubuntu1~16.04.1
Docker: Storage driver default 'vfs'

2. VirtualBox

Host running: MacOS Sierra 10.12.6, VirtualBox 5.1.26
Virtual machine: Ubuntu 16.04.3 LTS, docker.io 1.12.6-0ubuntu1~16.04.1
Docker: Storage driver set to vfs in /etc/docker/daemon.json:

{
   "storage-driver": "vfs"
}

[Test]

Used gdb to check the effective umask of dockerd in each case:

1. LXD

# gdb --pid 1234
...
(gdb) call/o umask(0)
$1 = 0177
(gdb)


2. VirtualBox

# gdb --pid 1234
...
(gdb) call/o umask(0)
$1 = 022
(gdb)

[Permissions]

1. LXD

/var/lib/docker# ls -l
total 22
drwx------ 4 root root 4 Aug  3 10:11 containers
drw------- 3 root root 3 Jul 31 14:20 image
drw------- 3 root root 3 Jul 31 14:20 network
drw------- 2 root root 2 Jul 31 14:20 swarm
drwx------ 2 root root 2 Aug  3 09:23 tmp
drw------- 2 root root 2 Jul 31 14:20 trust
drw------- 3 root root 3 Jul 31 14:21 vfs
drw------- 2 root root 3 Aug  3 09:22 volumes

Images in vfs/dir/xxxx are mode drw-------

2. VirtualBox

/var/lib/docker# ls -l
total 36
drwx------ 5 root root 4 Aug  3 10:11 aufs
drwx------ 2 root root 4 Aug  3 10:11 containers
drwx------ 4 root root 3 Jul 31 14:20 image
drwxr-x--- 3 root root 3 Jul 31 14:20 network
drwx------ 2 root root 2 Jul 31 14:20 swarm
drwx------ 2 root root 2 Aug  3 09:23 tmp
drwx------ 2 root root 2 Jul 31 14:20 trust
drwx------ 3 root root 3 Jul 31 14:21 vfs
drwx------ 2 root root 3 Aug  3 09:22 volumes

Images in vfs/dir/xxxxx are mode drwxr-xr-x

** Affects: docker.io (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1708445

Title:
  dockerd umask inside lxd container
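An added shell example, not part of the bug report above, showing how to reproduce the same check without gdb and why the listing comes out the way it does. One caveat worth knowing: `call umask(0)` in gdb is not a read-only probe. umask(2) installs the new mask and returns the old one, so each dockerd inspected that way is left running with umask 0 afterwards. On Linux 4.7 and later, /proc/<pid>/status carries a `Umask:` line that can be read without side effects. The helper names, the `SAMPLE_STATUS` text and the use of `pidof` are this example's own assumptions; the mode arithmetic is the kernel's mkdir(2) rule, mode & ~umask, which reproduces the 0600 directories in the lxd listing (dockerd creates them with 0700) and the 0755 vfs image directories under umask 022.

```sh
#!/bin/sh
# Added example (not from the bug report): inspect a daemon's umask from
# /proc and predict the directory modes it will create under that umask.

# Print the umask recorded in a /proc/<pid>/status text passed as $1.
# awk treats the tab after "Umask:" as ordinary field separation.
umask_from_status() {
    printf '%s\n' "$1" | awk '$1 == "Umask:" { print $2; exit }'
}

# Print the mode mkdir(path, $1) yields under umask $2 (both octal).
# mkdir(2) applies mode & ~umask; under 0177 every execute bit is
# stripped, so dockerd's 0700 directories become 0600 (drw-------),
# while under 022 a 0700 or 0755 request comes through unchanged.
effective_dir_mode() {
    printf '%04o\n' "$(( 0$1 & ~0$2 ))"
}

# Read the live umask of the running dockerd (needs /proc, Linux 4.7+).
# Unlike `gdb ... call umask(0)` this does not modify the daemon.
dockerd_umask() {
    pid=$(pidof dockerd 2>/dev/null | cut -d' ' -f1)
    if [ -z "$pid" ]; then
        echo "dockerd not running" >&2
        return 1
    fi
    umask_from_status "$(cat "/proc/$pid/status")"
}

# Constructed sample of the relevant /proc/<pid>/status lines, matching
# the lxd case in the report; it stands in for a live daemon here.
SAMPLE_STATUS=$(printf 'Name:\tdockerd\nUmask:\t0177\nState:\tS (sleeping)\n')

# Show what the sample umask does to the two directory modes dockerd uses.
report_sample() {
    m=$(umask_from_status "$SAMPLE_STATUS")
    echo "umask $m: mkdir 0700 -> $(effective_dir_mode 0700 "$m"), mkdir 0755 -> $(effective_dir_mode 0755 "$m")"
}
```

Run `dockerd_umask` on the lxd guest and on the VM to get the same two numbers the report obtained with gdb, without clobbering the daemon's mask. If the inherited mask cannot be fixed at the container level, a systemd drop-in for docker.service with `UMask=0022` under `[Service]` pins the daemon's umask regardless of what it inherits; that is a general systemd option, not something the report suggests.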
