You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running msys2 inside Docker, it seems to incorrectly read the permissions of the underling filesystem.
Uses icacls on Windows to modify file/folder permissions, these commands work as expected, and set the permissions in the filesystem, which can be verified as set using icacls.
Things change once docker is brought into the mix:
Host
Docker using volume mount
Docker non-mount
Powershell
> icacls foo /deny Everyone:r > Get-Content foo Get-Content: Access to the path 'D:\tmp\msysperms\foo' is denied
> Get-Content foo foo
> icacls foo /deny Everyone:r > Get-Content foo Get-Content : Access to the path 'C:\msysperms2\foo' is denied
MSYS
$ cat foo cat: foo: Permission denied
# cat foo foo
# cat foo ▒▒foo
This seems like it might be related to #59, but also could be upstream in the Docker volume system, as both inside and outside msys2 ignore permissions in that case.
I think I did the above tests using Hyper-V isolation, but I've seen the problem when using volume mounts with process isolation too (process isolation mitigates #59). This is also using the ContainerAdministrator account, I haven't tested with the ContainerUser account, but on a normal system running as admin the read is still blocked.
The text was updated successfully, but these errors were encountered:
When running msys2 inside Docker, it seems to incorrectly read the permissions of the underling filesystem.
Uses
icacls
on Windows to modify file/folder permissions, these commands work as expected, and set the permissions in the filesystem, which can be verified as set using icacls.Things change once docker is brought into the mix:
> Get-Content foo
Get-Content: Access to the path 'D:\tmp\msysperms\foo' is denied
foo
> Get-Content foo
Get-Content : Access to the path 'C:\msysperms2\foo' is denied
cat: foo: Permission denied
foo
▒▒foo
This seems like it might be related to #59, but also could be upstream in the Docker volume system, as both inside and outside msys2 ignore permissions in that case.
I think I did the above tests using Hyper-V isolation, but I've seen the problem when using volume mounts with process isolation too (process isolation mitigates #59). This is also using the ContainerAdministrator account, I haven't tested with the ContainerUser account, but on a normal system running as admin the read is still blocked.
The text was updated successfully, but these errors were encountered: