[BUG] docker compose watch fails to detect permission issue and deadlocks #13262
Description
Description
On a WSL2 ubuntu, docker compose up --build --watch does neither abort nor work if the current user cannot access ignored folders.
On a "real" ubuntu, docker compose aborts with the following error message:
notify.Add("/home/benni/repositories/dockerfreeze"): watcher.Add("/home/benni/repositories/dockerfreeze/data"): permission denied
On a WSL2 ubuntu, /usr/libexec/docker/cli-plugins/docker-compose compose up --build --watch is stuck waiting for something, not sure whether it is the docker engine:
(gdb) info threads
Id Target Id Frame
* 1 LWP 1263 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
2 LWP 1284 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
3 LWP 1283 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
4 LWP 1282 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
5 LWP 1281 "docker-compose" 0x000000000040dd8e in internal/runtime/syscall.Syscall6 ()
6 LWP 1280 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
7 LWP 1272 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
8 LWP 1271 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
9 LWP 1270 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
10 LWP 1269 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
11 LWP 1268 "docker-compose" 0x000000000040dd8e in internal/runtime/syscall.Syscall6 ()
12 LWP 1267 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
13 LWP 1266 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
14 LWP 1265 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
15 LWP 1264 "docker-compose" 0x000000000047fca3 in runtime.futex.abi0 ()
If the symbols are correctly resolved, thread 5 and 11 are doing epoll stuff.
Steps To Reproduce
- Install WSL2 ubuntu + docker as instructed here
- Create
.dockerignore
/data
- Create
Dockerfile
FROM ubuntu
WORKDIR /app
COPY . .
ENTRYPOINT ["tail", "-f", "/dev/null"]- Create
compose.yml
services:
test:
build: .
volumes:
- "./data:/data"
develop:
watch:
- action: sync
path: .
target: /appsudo mkdir datasudo chmod 700 data/docker compose up --build --watch- Observe that the docker client is deadlocked, neither succeeding, nor aborting, nor responding to ctrl+c
Compose Version
Docker Compose version v2.39.4
Docker Environment
Client: Docker Engine - Community
Version: 28.4.0
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.29.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.39.4
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 14
Server Version: 28.4.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b98a3aace656320842a23f4a392a33f46af97866
runc version: v1.3.0-0-g4ca628d1
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.6.87.2-microsoft-standard-WSL2
Operating System: Ubuntu 24.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 15.57GiB
Name: Silberdachs
ID: 07670eea-a2ba-43ee-bd99-c7bb2635df50
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Anything else?
Is there a technical reason why missing permissions on ignored folders cause an abort? My initial assumption was they shouldn't matter.
Original issue: moby/moby#51092