This is a demonstration repo for reproducing gitpod-io/gitpod#3174
The image is already pushed, so you don't even have to build it.
To demonstrate the bug,
- Enable feature preview
- Open this repository with https://gitpod.io/#https://github.com/rfay/gitpod-bug-repro
sudo docker-up
- In another terminal,
docker run -it --rm randyfay/gitpod-bug-repro ls -lR /var/tmp
. You'll see
$ docker run -it --rm randyfay/gitpod-bug-repro ls -lR /var/tmp
/var/tmp:
total 8
drwxrwxrwx 2 www-data root 4096 Feb 17 21:16 dir-with-perms
drwxr-xr-x 2 root root 4096 Feb 17 21:28 filebits
/var/tmp/dir-with-perms:
total 0
/var/tmp/filebits:
total 0
-rwsr-xr-x 1 root root 0 Feb 17 21:28 setuid
-rwxrwxrwx 1 root root 0 Feb 17 21:28 sevens
---------- 1 root root 0 Feb 17 21:28 zeroes
- Now stop the gitpod workspace and then start it again.
sudo docker-up
docker run -it --rm randyfay/gitpod-bug-repro ls -lR /var/tmp
now shows completely different permissions and ownership:
$ docker run -it --rm randyfay/gitpod-bug-repro ls -lR /var/tmp
/var/tmp:
total 8
drwxr-xr-x 2 www-data root 4096 Feb 17 21:16 dir-with-perms
drwxr-xr-x 2 root root 4096 Feb 17 21:28 filebits
/var/tmp/dir-with-perms:
total 0
/var/tmp/filebits:
total 0
-rwxr-xr-x 1 root root 0 Feb 17 21:28 setuid
-rwxr-xr-x 1 root root 0 Feb 17 21:28 sevens
---------- 1 root root 0 Feb 17 21:28 zeroes
You'll note that
- /var/tmp/dir-with-perms was 777, now it's 755
- /var/tmp/filebits/setuid has lost its setuid bit
- /var/tmp/filebits/sevens has lost its 777 and gone to 755
Interestingly though, /var/tmp/filebits/zeroes still has its 000 perms.
There may be other instances of permissions loss. It's not clear to me why the directory permissions are mucked with, but the some file perms don't seem to be.
As I guess we should expect, this can be worked around by deleting the image and re-pulling it.
docker rmi randyfay/gitpod-bug-repro:latest && docker pull randyfay/gitpod-bug-repro:latest
will restore the correct filesystem and behavior.