Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarification if parent directories can be omitted in layer tar #1221

Open
SgtSilvio opened this issue Dec 2, 2024 · 1 comment · May be fixed by #970
Open

Clarification if parent directories can be omitted in layer tar #1221

SgtSilvio opened this issue Dec 2, 2024 · 1 comment · May be fixed by #970

Comments

@SgtSilvio
Copy link

SgtSilvio commented Dec 2, 2024

This spec contains an example on "Representing Changes" in an image layer (https://github.com/opencontainers/image-spec/blob/main/layer.md#representing-changes):

./etc/my-app.d/
./etc/my-app.d/default.cfg
./bin/my-app-tools
./etc/.wh.my-app-config

which suggested to me that a changeset does not need to include parent directories (/etc/ in this example).
Furthermore, I assumed that the parent directories would then need to be present in parent layers under which the files would then be visible in the union filesystem.

I created a layer that omits parent directories and it turns out, that the result is not as expected (tested with Docker).
The missing parent directories are automatically created with default permissions. The directories in parent layers are shadowed which is problematic if they have different permissions.

I think my assumptions about omitting directories in a layer tar are incorrect. Can you confirm this?
Or should it be supported and there is an implementation bug in the container runtime?
Either way, imho the example should be adapted or the expected behavior should be documented.

@sudo-bmitch sudo-bmitch linked a pull request Dec 2, 2024 that will close this issue
@sudo-bmitch
Copy link
Contributor

I believe this is being worked on in #970. While it's possible to omit a directory in the tar structure, it is not possible to omit the parent folders in the unpacked filesystem layer. It's also not possible to depend on the previous image state since a layer may be used by multiple images and the parent directory permissions should not vary based on the order images are unpacked on the host.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants