Docker mount file default permissions 777 and MariaDB complaining about world-writable (mounted) config file

My service definition, where mariadb.cnf is mounted on /etc/mysql/mariadb.conf.d/80-app.cnf:

<!-- language: lang-yml -->

db:
    image: mariadb:10.11
    volumes:
        - ./mariadb.cnf:/etc/mysql/mariadb.conf.d/80-app.cnf:ro

On startup:

> 2023-06-14 18:27:16 Warning: World-writable config file '/etc/mysql/mariadb.conf.d/80-app.cnf' is ignored.

I know exactly what's happening, Docker is mouting my file with 777 permission:

<!-- language: lang-txt -->

# ls -la /etc/mysql/mariadb.conf.d/
total 40
drwxr-xr-x 1 root root 4096 Jun 14 18:27 .
drwxr-xr-x 1 root root 4096 Jun  9 23:30 ..
-rw-r--r-- 1 root root   46 Jun  9 23:30 05-skipcache.cnf
-rw-r--r-- 1 root root  575 Jun  5 19:14 50-client.cnf
-rw-r--r-- 1 root root  231 Jun  5 19:14 50-mysql-clients.cnf
-rw-r--r-- 1 root root  927 Jun  5 19:14 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3584 Jun  9 23:30 50-server.cnf
-rw-r--r-- 1 root root  570 Jun  5 19:14 60-galera.cnf
-rwxrwxrwx 1 root root  167 Jun 14 16:39 80-app.cnf

I can remove the ro option, chmod 644 /etc/mysql/mariadb.conf.d/80-app.cnf, restart the container, re-add ro option, it works.

The problem is that anyone using my project have to to this the first time. Do I have any option?

I'm seriously thinking about adding in my docker-entrypoint.sh:

#!/bin/sh

chmod 644 /etc/mysql/mariadb.conf.d/*-app.cnf

But I really hope there is a better solution.

This has now been fixed so that read only mounts of configuration files are considered to have the same protection and will be read/processed.

Fixed for versions 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 11.0.3, 11.1.2, 11.2.1 and above.

was: bug report MDEV-27038 / server patch #2669