Latest 8 and 9 images does not seem to have a sticky bit for /tmp

[riton]

Description

I can't figure out why, but it looks like latest rockylinux/rockylinux:8 and rockylinux/rockylinux:9 do not have a sticky bit positionned on /tmp.

What I've observed

rockylinux/rockylinux:8 (currently pointing to 8.7)

❯ docker run --pull always --rm rockylinux/rockylinux:8 /bin/ls -laFd /tmp
8: Pulling from rockylinux/rockylinux
Digest: sha256:481069b40ad8f8dc89b5ac2fa3f5fb1c24fc330656b58165983ad5c658349818
Status: Image is up to date for rockylinux/rockylinux:8
drwxrwxrwx 2 root root 4096 Nov 12 16:19 /tmp/

rockylinux/rockylinux:9 (currently pointing to 9.1)

❯ docker run --pull always --rm rockylinux/rockylinux:9 /bin/ls -laFd /tmp
9: Pulling from rockylinux/rockylinux
Digest: sha256:17118eed054bce9a57b03140b4aeb961297fdeb3aa680f4f2f74d341818613ea
Status: Image is up to date for rockylinux/rockylinux:9
drwxrwxrwx 2 root root 4096 Nov 23 15:10 /tmp/

Previous behavior

The sticky bit was there in the previous minor image version

rockylinux/rockylinux:8.6

❯ docker run --pull always --rm rockylinux/rockylinux:8.6 /bin/ls -laFd /tmp
8.6: Pulling from rockylinux/rockylinux
Digest: sha256:fc370d748f4cd1e6ac3d1b6460fb82201897fa15a16f43e947940df5aca1a56e
Status: Image is up to date for rockylinux/rockylinux:8.6
drwxrwxrwt 2 root root 4096 Jul  7 15:33 /tmp/

rockylinux/rockylinux:9.0

❯ docker run --pull always --rm rockylinux/rockylinux:9.0 /bin/ls -laFd /tmp
9.0: Pulling from rockylinux/rockylinux
Digest: sha256:ae6a9dde882e4234324850d6fadf15c6a9cfc8a064052fd87530efe0f775dea2
Status: Image is up to date for rockylinux/rockylinux:9.0
drwxrwxrwt 2 root root 4096 Jul 12 13:05 /tmp/

Software versions

docker version

❯ docker version
Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:01:58 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       3056208
  Built:            Tue Oct 25 17:59:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.10
  GitCommit:        770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

O.S version

❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

Kernel version

❯ uname -a
Linux XXXXX 5.15.0-53-generic #59-Ubuntu SMP Mon Oct 17 18:53:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Investigations

I've quickly looked at the various layer.tar.xz files and It seems that the sticky bit is there.

I don't really understand where it can disappear 🤷 Any help would be really appreciated.

Regards

Rémi

[NeilHanlon]

Apologies for the latency.. This is a weird one. Let me investigate more and see if this continues in the latest images I've built. As you say, the sticky bit is there on the tarfile, so i'm not sure why the build process is stripping it, seemingly

[doncho-gunchev]

Can't reproduce any more?

$ podman run --rm rockylinux/rockylinux:8 /bin/ls -laFd /tmp
Resolving "rockylinux/rockylinux" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)
Trying to pull docker.io/rockylinux/rockylinux:8...
Getting image source signatures
Copying blob sha256:584b9ab5a0f2bc5acdb1c26d0d934235b56c837c18c7ad41910f8de84b793a83
Copying config sha256:a8c7a51f51db7635925e624012042f170d7298c61d1dac7a01e82d2a6c957388
Writing manifest to image destination
drwxrwxrwt. 2 root root 58 May 28 13:37 /tmp/