Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

docker mounting volume with permission denied

I am trying to setup a docker container that mounts a volume from the host. No matter what I try, it always says permission denied when I remote into the docker container. This is some of the commands I have tried adding to my docker file:

RUN su -c "setenforce 0"

and

chcon -Rt svirt_sandbox_file_t /app

Still I get the following error when I remote into my container:

Error: EACCES: permission denied, scandir '/app' at Error (native)

Error: EACCES: permission denied, open 'npm-debug.log.578996924' at Error (native)

And as you can see, the app directory is assigned to some user with uid 1000:

enter image description here

Here is my docker file:

FROM php:5.6-fpm

# Install modules
RUN apt-get update && apt-get install -y \
    git \
    unzip \
    libmcrypt-dev  \
    libicu-dev \
    mysql-client \
    freetds-dev \
    libxml2-dev

RUN apt-get install -y freetds-dev php5-sybase

# This symlink fixes the pdo_dblib install
RUN ln -s /usr/lib/x86_64-linux-gnu/libsybdb.a /usr/lib/

RUN    docker-php-ext-install pdo \
    && docker-php-ext-install pdo_mysql \
    && docker-php-ext-install pdo_dblib \
    && docker-php-ext-install iconv \
    && docker-php-ext-install mcrypt \
    && docker-php-ext-install intl \
    && docker-php-ext-install opcache \
    && docker-php-ext-install mbstring

# Override the default php.ini with a custom one
COPY ./php.ini /usr/local/etc/php/

# replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# nvm environment variables
ENV NVM_DIR /usr/local/nvm
ENV NODE_VERSION 4.4.7

# install nvm
RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash

# install node and npm
RUN source $NVM_DIR/nvm.sh \
    && nvm install $NODE_VERSION \
    && nvm alias default $NODE_VERSION \
    && nvm use default

# add node and npm to path so the commands are available
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH

# confirm installation
RUN node -v
RUN npm -v

# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN composer --version

# Configure freetds
ADD ./freetds.conf /etc/freetds/freetds.conf

WORKDIR /app

# Gulp install
RUN npm install -g gulp
RUN npm install -g bower


CMD ["php-fpm"]

Here is my docker-compose:

nginx_dev:
  container_name: nginx_dev
  build: docker/nginx_dev
  ports:
    - "80:80"
  depends_on:
    - php_dev
  links:
    - php_dev
  volumes:
    - ./:/app


php_dev:
  container_name: php_dev
  build: docker/php-dev
  volumes:
    - ./:/app`

Is there any commands I can run to give the root user permissions to access the app directory? I am using docker-compose as well.

like image 334
Sam Munroe Avatar asked May 23 '17 15:05

Sam Munroe


People also ask

Can I mount a docker volume?

A Docker volume is a directory somewhere in your Docker storage directory and can be mounted to one or many containers. They are fully managed and do not depend on certain operating system specifics. Before removing the Docker volume, you can open your Docker GUI and inspect the volume by clicking on the data tab.

How do I fix docker permissions?

Similar to running a docker command without the sudo command, a stopped Docker Engine triggers the permission denied error. How do you fix the error? By restarting your Docker engine. Run the systemctl command below to confirm the Docker Engine's status ( status docker ) and if it's running.

How do I specify a Dockerfile volume?

In Dockerfile you can specify only the destination of a volume inside a container. e.g. /usr/src/app . When you run a container, e.g. docker run --volume=/opt:/usr/src/app my_image , you may but do not have to specify its mounting point ( /opt ) on the host machine.


1 Answers

From the directory listing, it appears that you have selinux configured (that's the trailing dots on the permission bits). In Docker with selinux enabled, you need to mount volumes with an extra flag, :z. Docker describes this as a volume label but I believe this is an selinux term rather than a docker label on the volume.

Your resulting docker-compose.yml should look like:

version: '2'

services:
   nginx_dev:
      container_name: nginx_dev
      build: docker/nginx_dev
      ports:
        - "80:80"
      depends_on:
        - php_dev
      links:
        - php_dev
      volumes:
        - ./:/app:z


   php_dev:
      container_name: php_dev
      build: docker/php-dev
      volumes:
        - ./:/app:z

Note, I also updated the syntax to version 2. Version 1 of the docker-compose.yml is being phased out. Version 2 will result in the containers being run in their own network by default which is usually preferred but may cause issues if you have other containers trying to talk to these.

like image 65
BMitch Avatar answered Sep 21 '22 03:09

BMitch