[BUG] Image mount holds on to stale image even once image is removed

[Jip-Hop]

Description

Mounting an image which has been built in the same stack does not work as expected: rebuilds of the image do not cause containers which mount it to be recreated.

Since #12725 and moby/moby#48798 it's possible to mount files from images. Docker warns it's still an experimental feature and there are open issues (e.g. moby/moby#50999). So some problems are to be expected.

In my test case I expect the output from both containers to be the same, both the first time and the second time they run. However, the second time the output from container b is the stale "foo" content. For some reason container b still mounts the old image, which shouldn't exist any more: I explicitly pruned builder and images and the images list only outputs bash and the new a image.

Once you add --force-recreate to the second docker compose up call, the output of both containers is correct: they now both output "bar". However I don't want to add --force-recreate as it impacts all other services in the stack which may be unrelated to image a.

Steps To Reproduce

services:
  a:
    container_name: ca
    build:
      context: .
      dockerfile: Dockerfile
    image: a
    command: ["cat", "/a/test.txt"]
  b:
    container_name: cb
    image: bash
    depends_on:
      - a
    command: ["cat", "/a/test.txt"]
    volumes:
      - type: image
        source: a
        target: /a
        image:
          subpath: a

docker builder prune -a -f > /dev/null
docker image prune -a -f > /dev/null
echo "FROM bash\nWORKDIR /a\nRUN echo foo > /a/test.txt" > Dockerfile
docker compose --progress=plain up --quiet-build --quiet-pull --pull=always --build
docker builder prune -a -f > /dev/null
docker image prune -a -f > /dev/null
echo "FROM bash\nWORKDIR /a\nRUN echo bar > /a/test.txt" > Dockerfile
docker compose --progress=plain up --quiet-build --quiet-pull --pull=always --build
docker compose down
docker images -a --digests

Output:

 Image a Pulling 
 Image bash Pulling 
 Image a Error pull access denied for a, repository does not exist or may require 'docker login'
 Image bash Pulled 
 Image a Building 
 Image a Built 
 Network test_default Creating 
 Network test_default Created 
 Container ca Creating 
 Container ca Created 
 Container cb Creating 
 b Image mount is an experimental feature 
 Container cb Created 
Attaching to ca, cb
 Container ca Starting 
ca  | foo
 Container ca Started 
ca exited with code 0
 Container cb Starting 
cb  | foo
cb exited with code 0
 Container cb Started 
 Image bash Pulling 
 Image bash Pulled 
 Image a Building 
 Image a Built 
 Container ca Recreate 
 Container ca Recreated 
Attaching to ca, cb
 Container ca Starting 
ca  | bar
 Container ca Started 
 Container cb Starting 
ca exited with code 0
cb  | foo
cb exited with code 0
 Container cb Started 
[+] down 3/3
 ✔ Container cb            Removed                                                                                                                                                                                                                                                                          0.0s 
 ✔ Container ca            Removed                                                                                                                                                                                                                                                                          0.0s 
 ✔ Network test_default Removed                                                                                                                                                                                                                                                                          0.2s 
REPOSITORY   TAG       DIGEST                                                                    IMAGE ID       CREATED        SIZE
a            latest    sha256:e431715ba01e4d236e411af2f5ba4c690d6b6b40e172f3d94c5b15dbcd3ce540   e431715ba01e   1 second ago   26.6MB
bash         latest    sha256:32ca1653c68dd414bbdcdb9d5dc811010022b04e37bfcc886a5d052fc0c56656   32ca1653c68d   5 weeks ago    26.7MB

Compose Version

Docker Compose version v5.0.1

Docker Environment

Client:
 Version:    29.1.3
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  ai: Docker AI Agent - Ask Gordon (Docker Inc.)
    Version:  v1.17.1
    Path:     /Users/docker/.docker/cli-plugins/docker-ai
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.30.1-desktop.1
    Path:     /Users/docker/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v5.0.1
    Path:     /Users/docker/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.47
    Path:     /Users/docker/.docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Docker Inc.)
    Version:  v0.2.0
    Path:     /Users/docker/.docker/cli-plugins/docker-desktop
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.31
    Path:     /Users/docker/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.4.0
    Path:     /Users/docker/.docker/cli-plugins/docker-init
  mcp: Docker MCP Plugin (Docker Inc.)
    Version:  v0.35.0
    Path:     /Users/docker/.docker/cli-plugins/docker-mcp
  model: Docker Model Runner (Docker Inc.)
    Version:  v1.0.6
    Path:     /Users/docker/.docker/cli-plugins/docker-model
  offload: Docker Offload (Docker Inc.)
    Version:  v0.5.40
    Path:     /Users/docker/.docker/cli-plugins/docker-offload
  pass: Docker Pass Secrets Manager Plugin (beta) (Docker Inc.)
    Version:  v0.0.22
    Path:     /Users/docker/.docker/cli-plugins/docker-pass
  sandbox: Docker Sandbox (Docker Inc.)
    Version:  v0.6.0
    Path:     /Users/docker/.docker/cli-plugins/docker-sandbox
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/docker/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.19.0
    Path:     /Users/docker/.docker/cli-plugins/docker-scout

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 29.1.3
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75
 runc version: v1.3.4-0-gd6d73eb8
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.12.54-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 12
 Total Memory: 54.82GiB
 Name: docker-desktop
 ID: 04401225-34f9-4d32-b681-5c63e65391db
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/docker/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

No response