Description
When files are injected into an image via ADD in a Dockerfile, those files have the same UID/GID as what they had on the host. Recently, when building an image in a testing environment, this caused no problems. However, I then deployed it on a server, with a user that happened to have a different UID. This caused the application in the container to crash.
This problem is easy enough to avoid once you know about it, but it seems like a small detail of the host leaking into the container.
A solution I think would work would be to make the injected files assume the UID/GID of the user under which commands are running at that point in the Dockerfile. So by default it would be root, but if ADD is preceded by a USER command, the files would assume the ownership of the specified user.
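A pre-build check for the situation this report describes, as an added example that is not part of the original issue or of Docker's code: it walks a build context and lists every entry whose host UID/GID differs from the identity the container process is expected to run as. The function names, the sample files and the 1000:1000 runtime identity are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def audit_context_ownership(context_dir, run_uid, run_gid):
    """Return (relative_path, uid, gid) for every entry in the build context
    whose host ownership differs from the UID/GID the container runs as."""
    root = Path(context_dir)
    mismatches = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            # lstat reports the entry itself, so a symlink is not followed
            # out of the build context.
            st = os.lstat(path)
            if (st.st_uid, st.st_gid) != (run_uid, run_gid):
                mismatches.append(
                    (str(path.relative_to(root)), st.st_uid, st.st_gid)
                )
    return sorted(mismatches)


def make_sample_context():
    """Constructed sample build context, owned by whoever runs this script."""
    ctx = Path(tempfile.mkdtemp(prefix="ctx-"))
    (ctx / "app").mkdir()
    (ctx / "app" / "server.py").write_text("print('hello')\n")
    (ctx / "app" / "config.ini").write_text("[main]\n")
    return ctx


if __name__ == "__main__":
    ctx = make_sample_context()
    # Assumed runtime identity of the container process (hypothetical value).
    run_uid, run_gid = 1000, 1000
    for rel, uid, gid in audit_context_ownership(ctx, run_uid, run_gid):
        print(f"{rel}: host owner {uid}:{gid}, runtime {run_uid}:{run_gid}")
```

Running it on both the test machine and the deployment server shows whether the two hosts would hand the image different ownership for the same files.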