Permission denied error when rebuilding docker image with volume

Question

I am trying to create a MongoDB Docker environment. I also want the data persist between rebuild. So I added a volume in the docker-compose.yml.

Here is my docker-compose.yml

version: '3.1'

services:
  mongo:
    build:
      context: .
      dockerfile: ./docker/mongo/Dockerfile
    restart: always
    ports:
      - ${MONGO_PORT_FORWARD}:${MONGO_PORT}
    volumes:
      - ./data/db:/data/db:Z

And this is my Dockerfile

FROM mongo:latest

ENV MONGO_INITDB_ROOT_USERNAME admin
ENV MONGO_INITDB_ROOT_PASSWORD secret
ENV MONGO_INITDB_DATABASE db

Now I run docker-compose up and it works flawlessly. But when I run docker-compose build to rebuild the image, I got error below.

Building mongo
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 11, in <module>
    load_entry_point('docker-compose==1.23.2', 'console_scripts', 'docker-compose')()
  File "/usr/lib/python3.7/site-packages/compose/cli/main.py", line 71, in main
    command()
  File "/usr/lib/python3.7/site-packages/compose/cli/main.py", line 127, in perform_command
    handler(command, command_options)
  File "/usr/lib/python3.7/site-packages/compose/cli/main.py", line 287, in build
    parallel_build=options.get('--parallel', False),
  File "/usr/lib/python3.7/site-packages/compose/project.py", line 384, in build
    build_service(service)
  File "/usr/lib/python3.7/site-packages/compose/project.py", line 366, in build_service
    service.build(no_cache, pull, force_rm, memory, build_args, gzip)
  File "/usr/lib/python3.7/site-packages/compose/service.py", line 1082, in build
    platform=self.platform,
  File "/usr/lib/python3.7/site-packages/docker/api/build.py", line 159, in build
    path, exclude=exclude, dockerfile=dockerfile, gzip=gzip
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 30, in tar
    files=sorted(exclude_paths(root, exclude, dockerfile=dockerfile[0])),
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 49, in exclude_paths
    return set(pm.walk(root))
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/usr/lib/python3.7/site-packages/docker/utils/build.py", line 184, in rec_walk
    for f in os.listdir(current_dir):
PermissionError: [Errno 13] Permission denied: '/home/zendy/Projects/ZendyLim/GTBox/data/db/journal'

I checked the permission of /data/db/ and I found out the it has 999:root as owner.

What I am doing wrong here? What can I do to make this work?

UPDATE 1:

I have tried to set user as mongodb in the docker-compose.yml

version: '3.1'

services:
  mongo:
    build:
      context: .
      dockerfile: ./docker/mongo/Dockerfile
    restart: always
    ports:
      - ${MONGO_PORT_FORWARD}:${MONGO_PORT}
    volumes:
      - ./data/db:/data/db:Z
    user: mongodb

And got this error

mongo_1  | about to fork child process, waiting until server is ready for connections.
mongo_1  | forked process: 17
mongo_1  | 2019-03-13T00:58:43.499+0000 I CONTROL  [main] ***** SERVER RESTARTED *****
mongo_1  | 2019-03-13T00:58:43.502+0000 I CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] MongoDB starting : pid=17 port=27017 dbpath=/data/db 64-bit host=1e56c8187004
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] db version v4.0.6
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] git version: caa42a1f75a56c7643d0b68d3880444375ec42e3
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] allocator: tcmalloc
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] modules: none
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] build environment:
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten]     distmod: ubuntu1604
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten]     distarch: x86_64
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten]     target_arch: x86_64
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] options: { net: { bindIp: "127.0.0.1", port: 27017, ssl: { mode: "disabled" } }, processManagement: { fork: true, pidFilePath: "/tmp/docker-entrypoint-temp-mongod.pid" }, systemLog: { destination: "file", logAppend: true, path: "/proc/1/fd/1" } }
mongo_1  | 2019-03-13T00:58:43.504+0000 I STORAGE  [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/db, terminating
mongo_1  | 2019-03-13T00:58:43.504+0000 I NETWORK  [initandlisten] shutdown: going to close listening sockets...
mongo_1  | 2019-03-13T00:58:43.504+0000 I NETWORK  [initandlisten] removing socket file: /tmp/mongodb-27017.sock
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] now exiting
mongo_1  | 2019-03-13T00:58:43.504+0000 I CONTROL  [initandlisten] shutting down with code:100
mongo_1  | ERROR: child process failed, exited with error number 100
mongo_1  | To see additional information in this output, start without the "--fork" option.
gtbox_mongo_1 exited with code 100

Answer 1

Found out the solution

I created a .dockerignore file with data/ in it.

# .dockerignore

data/

# Other files and folder

It manages to rebuild without any problem.

The only downside if I want a clean slate of the database, I need to run sudo rm -rf data to remove the folder.