When investigating https://github.com/golemfactory/yagna-sdk-team/issues/205 we found out that ya-runtime-vm container instillation creates top directory with set permissions ignoring ones in provided image.
Exact line to be responsible per @prekucki: https://github.com/golemfactory/ya-runtime-vm/blob/master/runtime/init-container/src/init.c#L1677
Having a nginx-latest-cd6d7a1750.gvmi gvmi image:
mkdir /tmp/foo
sudo mount nginx-latest-cd6d7a1750.gvmi /tmp/foo
ls -al /tmp/foo
Will output proper permissions (same as original docker image permissions)
drwxr-xr-x 22 root root 409 lut 8 12:18 .
...
But using the same image in ya-runtime-vm causes permisons to change
sudo ya-runtime-dbg --runtime ya-runtime-vm --task-package nginx-latest-cd6d7a1750.gvmi --workdir /tmp/workdir --exec-shell bash
ls -al
outputs
drwx------ 1 root root 80 Feb 9 08:44 .
...
The same behavior was observe running given image as payload in dapp-runner. dApp-runner payloads examples: https://github.com/golemfactory/dapp-experiments/pull/10/files
When investigating https://github.com/golemfactory/yagna-sdk-team/issues/205 we found out that
ya-runtime-vmcontainer instillation creates top directory with set permissions ignoring ones in provided image.Exact line to be responsible per @prekucki: https://github.com/golemfactory/ya-runtime-vm/blob/master/runtime/init-container/src/init.c#L1677
Having a
nginx-latest-cd6d7a1750.gvmigvmi image:Will output proper permissions (same as original docker image permissions)
drwxr-xr-x 22 root root 409 lut 8 12:18 . ...But using the same image in
ya-runtime-vmcauses permisons to changeoutputs
The same behavior was observe running given image as payload in
dapp-runner. dApp-runner payloads examples: https://github.com/golemfactory/dapp-experiments/pull/10/files