No non root permission in the container

Summary

As discussed in #74 (closed), the owner of folder /builder/**** should be changeable to the USER defined in the Dockerfile. However, this is not true.

Steps to reproduce

  • I have created a project here on gitlab
  • Given dockerfile (actually edited from #74 (closed))
FROM ubuntu:14.04
RUN useradd -ms /bin/bash cirunner
RUN mkdir /builds && chown cirunner:cirunner /builds
USER cirunner
CMD ["bash"]
  • Given .gitlab-ci.yml
image: ubuntu:14.04
stages:
    - build
    - test
    
variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
build:
    image: docker:latest
    services:
        - docker:dind
    stage: build
    script:
        - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
        - docker build -t $IMAGE_TAG .
        - docker push $IMAGE_TAG
    
job1:
    image: $IMAGE_TAG
    stage: test
    script:
        -  ls -al ../../../ ../../ ../ .
        - whoami

Actual behavior

According to the discussion at #74 (closed), the owner of files under /builds should be cirunner. However, all files under /builds/***/, except /builds/ itself, belong to root.

$ ls -al ../../../ ../../ ../ .
.:
total 40
drwxrwxrwx. 3 root root 4096 Apr  6 01:56 .
drwxrwxrwx. 4 root root 4096 Apr  6 01:56 ..
drwxrwxrwx. 5 root root 4096 Apr  6 01:56 .git
-rw-rw-rw-. 1 root root  476 Apr  6 01:56 .gitlab-ci.yml
-rw-rw-rw-. 1 root root  135 Apr  6 01:56 Dockerfile

../:
total 32
drwxrwxrwx. 4 root     root     4096 Apr  6 01:56 .
drwxr-xr-x. 1 cirunner cirunner 4096 Apr  6 01:56 ..
drwxrwxrwx. 3 root     root     4096 Apr  6 01:56 non_root_ci_test
drwxrwxrwx. 3 root     root     4096 Apr  6 01:56 non_root_ci_test.tmp

../../:
total 24
drwxr-xr-x. 1 cirunner cirunner 4096 Apr  6 01:56 .
drwxr-xr-x. 1 root     root     4096 Apr  6 01:56 ..
drwxrwxrwx. 4 root     root     4096 Apr  6 01:56 mondwan

../../../:
total 164
drwxr-xr-x.  1 root     root     4096 Apr  6 01:56 .
drwxr-xr-x.  1 root     root     4096 Apr  6 01:56 ..
-rwxr-xr-x.  1 root     root        0 Apr  6 01:56 .dockerenv
drwxr-xr-x.  2 root     root     4096 Apr  6 01:56 bin
drwxr-xr-x.  2 root     root     4096 Apr 10  2014 boot
drwxr-xr-x.  1 cirunner cirunner 4096 Apr  6 01:56 builds
drwxrwxrwx.  2 root     root     4096 Apr  6 01:56 cache
drwxr-xr-x. 11 root     root     2660 Apr  6 01:56 dev
drwxr-xr-x.  1 root     root     4096 Apr  6 01:56 etc
drwxr-xr-x.  3 root     root     4096 Apr  6 01:56 home
drwxr-xr-x. 12 root     root     4096 Apr  6 01:56 lib
drwxr-xr-x.  2 root     root     4096 Apr  6 01:56 lib64
drwxr-xr-x.  2 root     root     4096 Feb 14 23:28 media
drwxr-xr-x.  2 root     root     4096 Apr 10  2014 mnt
drwxr-xr-x.  2 root     root     4096 Feb 14 23:28 opt
dr-xr-xr-x. 95 root     root        0 Apr  6 01:56 proc
drwx------.  2 root     root     4096 Apr  6 01:56 root
drwxr-xr-x.  8 root     root     4096 Apr  6 01:56 run
drwxr-xr-x.  2 root     root     4096 Apr  6 01:56 sbin
drwxr-xr-x.  2 root     root     4096 Feb 14 23:28 srv
dr-xr-xr-x. 13 root     root        0 Apr  6 01:47 sys
drwxrwxrwt.  2 root     root     4096 Feb 14 23:29 tmp
drwxr-xr-x. 10 root     root     4096 Apr  6 01:56 usr
drwxr-xr-x. 11 root     root     4096 Apr  6 01:56 var
$ whoami
cirunner

However, the effective user follows the definition in the image.

Expected behavior

Files under /builds/mondwan/non_root_ci_test/ should also be owned by the user defined in the Dockerfile.

Relevant logs and/or screenshots

https://gitlab.com/mondwan/non_root_ci_test/builds/13764284

Environment description

shared Runners on GitLab.com

Used GitLab Runner version

shared Runners on GitLab.com

Note:

  • I have edited gitlab-ci.yml a bit so that it lists more directory permissions
Edited by 🤖 GitLab Bot 🤖
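
Added example, not part of the original report or of GitLab Runner: a small POSIX shell audit that a job can run instead of reading `ls -al` by eye. It counts entries in the checkout that are not owned by the job user and entries that are world-writable (the listing above shows both: root-owned files with mode `drwxrwxrwx` / `-rw-rw-rw-`). The function names are hypothetical; `CI_PROJECT_DIR` is GitLab CI's predefined variable for the checkout path.

```shell
#!/bin/sh
# Added example: audit ownership and permissions of the CI checkout.
# All function names here are hypothetical helpers, not GitLab tooling.

# count_foreign DIR [UID]
# Number of entries under DIR whose owner is not UID (default: current user).
count_foreign() {
    dir=$1
    uid=${2:-$(id -u)}
    find "$dir" ! -user "$uid" 2>/dev/null | wc -l | tr -d ' '
}

# count_world_writable DIR
# Number of non-symlink entries under DIR that any user may write to.
count_world_writable() {
    dir=$1
    find "$dir" ! -type l -perm -0002 2>/dev/null | wc -l | tr -d ' '
}

# audit_checkout [DIR]
# Prints a short report and returns non-zero when the job user does not own
# every entry, or when any entry is world-writable.
audit_checkout() {
    dir=${1:-${CI_PROJECT_DIR:-.}}
    foreign=$(count_foreign "$dir")
    ww=$(count_world_writable "$dir")
    echo "user=$(id -un) uid=$(id -u) dir=$dir"
    echo "entries not owned by job user: $foreign"
    echo "world-writable entries:        $ww"
    [ "$foreign" -eq 0 ] && [ "$ww" -eq 0 ]
}

# In a job's script section, after sourcing this file:
#   audit_checkout || echo "checkout ownership/permissions differ from image USER"
```
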