How to solve permission denied when mounting volume during docker run command?

Question

I'm trying to run a container binding a directory and I get an error about permission being denied, so the container doesn't start at all.

In the current directory there is a directory called main and in the container there is a directory /builder/project

david@localhost ~/contrib_archives $ docker run -v `realpath main`:/build/project builder
docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/home/david/contrib_archives/main\\\" to rootfs \\\"/var/lib/docker/100000.100000/overlay2/2d14c3752819ff12891bace539ae4ef0039c42e6deb00170432c934d681b842e/merged\\\" at \\\"/build/project\\\" caused \\\"stat /home/david/contrib_archives/main: permission denied\\\"\"": unknown.
ERRO[0000] error waiting for container: context canceled 

If I run the container without the -v parameter it runs fine (But it's useless since I can't get the data in).

Anyone has any idea of what the problem could be?

I'm running with user namespaces.

Answer 1

The issue was that I am running with usernamespaces and did not have the correct mapping.

In my distribution the file /etc/subuid contains this:

david:100000:65536

But I had to make it look like this:

david:1000:1
david:100000:65536

So that my own uid would be mapped to root inside the container.

A nice guide seems to be this one https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/