Thanks, Kyle. And thanks for reporting the bug upstream (https://github.com/opencontainers/runc/issues/4971). There is a straightforward workaround for now (which I also see you already figured out) which is to explicitly pass the mode you want to use for the tmpfs. I am mentioning it here and adding an example below to help others who may end up with the same issue (if it applies to you, keep reading).
Reproducing on questing:

$ docker run --tmpfs /my-tmp:exec --rm -it ubuntu:latest ls -al /my-tmp
total 4
drwxrwxrwt 2 root root 40 Nov 7 02:04 .
drwxr-xr-x 1 root root 4096 Nov 7 02:04 ..
athos@pollux:/tmp/foo$ runc --version
runc version 1.3.0-0ubuntu2

$ docker run --tmpfs /my-tmp:exec --rm -it ubuntu:latest ls -al /my-tmp
total 4
drwxr-xr-x 2 root root 40 Nov 7 02:05 .
drwxr-xr-x 1 root root 4096 Nov 7 02:05 ..
$ runc --version
runc version 1.3.3-0ubuntu1~25.10.2

Workaround:

$ docker run --rm --tmpfs /my-tmp:exec,mode=1777 --rm -it ubuntu:latest ls -al /my-tmp
total 4
drwxrwxrwt 2 root root 40 Nov 7 02:07 .
drwxr-xr-x 1 root root 4096 Nov 7 02:07 ..
$ runc --version
runc version 1.3.3-0ubuntu1~25.10.2

or

$ docker run --rm --mount type=tmpfs,destination=/my-tmp,tmpfs-mode=1777 --rm -it ubuntu:latest ls -al /my-tmp
total 4
drwxrwxrwt 2 root root 40 Nov 7 02:11 .
drwxr-xr-x 1 root root 4096 Nov 7 02:11 ..

** Tags removed: server-triage-discuss

https://bugs.launchpad.net/bugs/2130744

Title:
  runc security upgrade regresses docker tmpfs permission handling
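Added example (not part of the original message or of the runc/Docker projects): a small helper that scans a `docker run` command line for tmpfs mounts with no explicit mode and rewrites them the way the workaround above does. The function names, the default of 1777 and the sample commands in the test are assumptions made for illustration; set the mode your workload actually needs.

```python
import shlex

DEFAULT_MODE = "1777"  # assumption: the mode used in the workaround above


def _pin_tmpfs(spec):
    """--tmpfs DEST[:OPTS]: append mode= when no mode option is present."""
    dest, _, opts = spec.partition(":")
    opt_list = [o for o in opts.split(",") if o]
    if any(o.startswith("mode=") for o in opt_list):
        return spec, False
    opt_list.append("mode=" + DEFAULT_MODE)
    return dest + ":" + ",".join(opt_list), True


def _pin_mount(spec):
    """--mount key=value,...: append tmpfs-mode= for type=tmpfs only."""
    fields = dict(f.partition("=")[::2] for f in spec.split(",") if f)
    if fields.get("type") != "tmpfs" or "tmpfs-mode" in fields:
        return spec, False
    return spec + ",tmpfs-mode=" + DEFAULT_MODE, True


def pin_tmpfs_modes(command):
    """Return (rewritten command, list of mount specs that lacked a mode).

    Simplification: every argument is inspected, including any that
    follow the image name and belong to the container's own command.
    """
    argv = shlex.split(command)
    out, unpinned, i = [], [], 0
    fixers = {"--tmpfs": _pin_tmpfs, "--mount": _pin_mount}
    while i < len(argv):
        flag, eq, value = argv[i].partition("=")
        if flag in fixers and (eq or i + 1 < len(argv)):
            if not eq:          # "--tmpfs SPEC" form: value is the next arg
                i += 1
                value = argv[i]
            fixed, changed = fixers[flag](value)
            if changed:
                unpinned.append(value)
            out += [flag, fixed]
        else:
            out.append(argv[i])
        i += 1
    return shlex.join(out), unpinned
```

A non-empty second return value means the command relies on the runtime's default tmpfs mode, which is the behaviour that differs between the two runc versions shown above.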
