Importing docker image results in incorrect file permissions

[AdamSimpson]

Version of Singularity:

v3.2.1

Expected behavior

When importing a docker image I expect file permissions to be applied correctly.

Actual behavior

If a Docker image is imported that was built such that a files permissions are changed in a separate layer than the file was originally created in the permissions when running under Singularity are incorrect.

Steps to reproduce behavior

Dockerfile

FROM ubuntu

RUN mkdir -m 700 /foobar

RUN chmod a+rx /foobar

Docker image created with correct permissions

$ docker build -t permission:test .
$ docker run permission:test ls -ld /foobar
drwxr-xr-x 1 root root 4096 Jul  5 21:24 /foobar

Running under Singularity shows the incorrect permissions

$ singularity build permission.simg docker-daemon://permission:test
$ singularity exec permission.simg ls -ld /foobar
drwx------ 2 root root 3 Jul  5 14:24 /foobar

[AdamSimpson]

From what I can tell this looks to be an issue with opencontainers/image-tools which is used to create the bundle. I've created opencontainers/image-tools#218 to track this.

[GodloveD]

Thanks for the update @AdamSimpson. Looks like @cyphar thinks we should be using umoci. Might be useful to do some research on what it would take to make that change.