The ubuntu.azurecr.io:resolute base image ships with /var/lib/pebble/default as a world-writable directory without the sticky bit set. This causes the VerifyInsecureFiles test to fail for all .NET 11.
docker run --rm -u root --entrypoint /bin/sh ubuntu.azurecr.io/ubuntu:resolute -c "find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \)"
Output:
The
ubuntu.azurecr.io:resolutebase image ships with/var/lib/pebble/defaultas a world-writable directory without the sticky bit set. This causes theVerifyInsecureFilestest to fail for all .NET 11.docker run --rm -u root --entrypoint /bin/sh ubuntu.azurecr.io/ubuntu:resolute -c "find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \)"Output: