Best Practices - Possibly outdated note

[bzier]

The best practices page refers to an unresolved bug that looks like it was recently closed. I didn't look closely at the issue or the resolution, but noticed that it was closed on 9/20. It may be worth keeping an eye on it and possibly cleaning up / removing this note.

Note: Due to an unresolved bug in the Go archive/tar package's handling of sparse files, attempting to create a user with a sufficiently large UID inside a Docker container can lead to disk exhaustion as /var/log/faillog in the container layer is filled with NUL (\0) characters. Passing the --no-log-init flag to useradd works around this issue. The Debian/Ubuntu adduser wrapper does not support the --no-log-init flag and should be avoided.

Certainly not critical, but since the bug had been outstanding for almost 2 years, I thought it was worth pointing out.

File: engine/userguide/eng-image/dockerfile_best-practices.md, CC @mstanleyjones

[mdlinville]

@tiborvass @thaJeztah Is this note still accurate for Docker?

[thaJeztah]

No it's not resolved yet; it's not really a bug, more a feature that was not implemented. Even if that issue is resolved, very high user ids will still result in really big images, so can still exhaust the file system.

See moby/moby#5419 (comment) for the latest discussion

[bzier]

Feel free to do with this as you see fit. I am not affected by the issue, but just wanted to point out what I saw and start the discussion.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

/lifecycle locked