Permission issues when running on AWS ECS with latest version (works with 1.3.15)

[V-Lamp]

Using 1.3.18:

• The container runs fine (docker run ) locally (Mac OS)
• When running on AWS ECS (Fargate), the task fails with the only line the logs being:

standard_init_linux.go:190: exec user process caused "permission denied"

When downgrading to 1.3.15 and pushing again, with no other changes (to AWS or other):

• Container runs fine on ECS

I see that the latest version includes Run chmod +x explicitly in stage0 #1201 that sounds like the cause of the problem.

[muuki88]

Make sure to use the correct docker permission strategy.

I think with None you can disable basically everything.

[unoexperto]

@muuki88 I wish you guys wrote more in documentation because upgrading from .2 to .20 pretty much broke all my builds. Setting dockerPermissionStrategy := DockerPermissionStrategy.None is not helping. I'm still getting Permission denied accessing mapped volumes inside the container.

Plus I don't see why generated Dockerfile sets USER twice. Looks like bug to me

FROM expert/docker-java-minimal:jdk12-alpine
RUN apk update && apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community mediainfo && /usr/glibc-compat/sbin/ldconfig 
USER root
RUN id -u root 2> /dev/null || useradd --system --create-home --uid 1001 --gid 0 root
WORKDIR /opt/docker
COPY opt /opt
USER 1001
ENTRYPOINT ["/opt/docker/bin/api-server"]
CMD []

with .2 produced file was

FROM expert/docker-java-minimal:jdk12-alpine
RUN apk update && apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community mediainfo && /usr/glibc-compat/sbin/ldconfig 
WORKDIR /opt/docker
ADD --chown=root:root opt /opt
USER root
ENTRYPOINT ["bin/api-server"]
CMD []

What am I doing incorrectly ?

[ryanberckmans]

Might be related to #1198 which I believe was fixed in v1.3.21