docker mounting volume with permission denied

Question

I am trying to setup a docker container that mounts a volume from the host. No matter what I try, it always says permission denied when I remote into the docker container. This is some of the commands I have tried adding to my docker file:

RUN su -c "setenforce 0"

and

chcon -Rt svirt_sandbox_file_t /app

Still I get the following error when I remote into my container:

Error: EACCES: permission denied, scandir '/app' at Error (native)

Error: EACCES: permission denied, open 'npm-debug.log.578996924' at Error (native)

And as you can see, the app directory is assigned to some user with uid 1000:

Here is my docker file:

FROM php:5.6-fpm

# Install modules
RUN apt-get update && apt-get install -y \
    git \
    unzip \
    libmcrypt-dev  \
    libicu-dev \
    mysql-client \
    freetds-dev \
    libxml2-dev

RUN apt-get install -y freetds-dev php5-sybase

# This symlink fixes the pdo_dblib install
RUN ln -s /usr/lib/x86_64-linux-gnu/libsybdb.a /usr/lib/

RUN    docker-php-ext-install pdo \
    && docker-php-ext-install pdo_mysql \
    && docker-php-ext-install pdo_dblib \
    && docker-php-ext-install iconv \
    && docker-php-ext-install mcrypt \
    && docker-php-ext-install intl \
    && docker-php-ext-install opcache \
    && docker-php-ext-install mbstring

# Override the default php.ini with a custom one
COPY ./php.ini /usr/local/etc/php/

# replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# nvm environment variables
ENV NVM_DIR /usr/local/nvm
ENV NODE_VERSION 4.4.7

# install nvm
RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash

# install node and npm
RUN source $NVM_DIR/nvm.sh \
    && nvm install $NODE_VERSION \
    && nvm alias default $NODE_VERSION \
    && nvm use default

# add node and npm to path so the commands are available
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH

# confirm installation
RUN node -v
RUN npm -v

# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN composer --version

# Configure freetds
ADD ./freetds.conf /etc/freetds/freetds.conf

WORKDIR /app

# Gulp install
RUN npm install -g gulp
RUN npm install -g bower


CMD ["php-fpm"]

Here is my docker-compose:

nginx_dev:
  container_name: nginx_dev
  build: docker/nginx_dev
  ports:
    - "80:80"
  depends_on:
    - php_dev
  links:
    - php_dev
  volumes:
    - ./:/app


php_dev:
  container_name: php_dev
  build: docker/php-dev
  volumes:
    - ./:/app`

Is there any commands I can run to give the root user permissions to access the app directory? I am using docker-compose as well.

Answer 1

From the directory listing, it appears that you have selinux configured (that's the trailing dots on the permission bits). In Docker with selinux enabled, you need to mount volumes with an extra flag, :z. Docker describes this as a volume label but I believe this is an selinux term rather than a docker label on the volume.

Your resulting docker-compose.yml should look like:

version: '2'

services:
   nginx_dev:
      container_name: nginx_dev
      build: docker/nginx_dev
      ports:
        - "80:80"
      depends_on:
        - php_dev
      links:
        - php_dev
      volumes:
        - ./:/app:z


   php_dev:
      container_name: php_dev
      build: docker/php-dev
      volumes:
        - ./:/app:z

Note, I also updated the syntax to version 2. Version 1 of the docker-compose.yml is being phased out. Version 2 will result in the containers being run in their own network by default which is usually preferred but may cause issues if you have other containers trying to talk to these.