我正在尝试设置一个从主机挂载卷的docker容器。 无论我尝试什么,它总是说当我远程进入码头集装箱时拒绝了许可。 这是我尝试添加到我的docker文件中的一些命令:
RUN su -c "setenforce 0"和
chcon -Rt svirt_sandbox_file_t /app当我远程进入我的容器时,仍然出现以下错误:
错误:EACCES:权限被拒绝,scandir'/ app'处于错误(本机)
错误:EACCES:权限被拒绝,在Error(native)处打开'npm-debug.log.578996924'
正如你所看到的,app目录被分配给一些使用uid 1000的用户:
这是我的码头文件:
FROM php:5.6-fpm # Install modules RUN apt-get update && apt-get install -y \ git \ unzip \ libmcrypt-dev \ libicu-dev \ mysql-client \ freetds-dev \ libxml2-dev RUN apt-get install -y freetds-dev php5-sybase # This symlink fixes the pdo_dblib install RUN ln -s /usr/lib/x86_64-linux-gnu/libsybdb.a /usr/lib/ RUN docker-php-ext-install pdo \ && docker-php-ext-install pdo_mysql \ && docker-php-ext-install pdo_dblib \ && docker-php-ext-install iconv \ && docker-php-ext-install mcrypt \ && docker-php-ext-install intl \ && docker-php-ext-install opcache \ && docker-php-ext-install mbstring # Override the default php.ini with a custom one COPY ./php.ini /usr/local/etc/php/ # replace shell with bash so we can source files RUN rm /bin/sh && ln -s /bin/bash /bin/sh # nvm environment variables ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 4.4.7 # install nvm RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash # install node and npm RUN source $NVM_DIR/nvm.sh \ && nvm install $NODE_VERSION \ && nvm alias default $NODE_VERSION \ && nvm use default # add node and npm to path so the commands are available ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH # confirm installation RUN node -v RUN npm -v # Install Composer RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer RUN composer --version # Configure freetds ADD ./freetds.conf /etc/freetds/freetds.conf WORKDIR /app # Gulp install RUN npm install -g gulp RUN npm install -g bower CMD ["php-fpm"]这是我的码头组成:
nginx_dev: container_name: nginx_dev build: docker/nginx_dev ports: - "80:80" depends_on: - php_dev links: - php_dev volumes: - ./:/app php_dev: container_name: php_dev build: docker/php-dev volumes: - ./:/app`是否有任何命令可以运行,以授予root用户访问应用程序目录的权限? 我也在使用docker-compose。
I am trying to setup a docker container that mounts a volume from the host. No matter what I try, it always says permission denied when I remote into the docker container. This is some of the commands I have tried adding to my docker file:
RUN su -c "setenforce 0"and
chcon -Rt svirt_sandbox_file_t /appStill I get the following error when I remote into my container:
Error: EACCES: permission denied, scandir '/app' at Error (native)
Error: EACCES: permission denied, open 'npm-debug.log.578996924' at Error (native)
And as you can see, the app directory is assigned to some user with uid 1000:
Here is my docker file:
FROM php:5.6-fpm # Install modules RUN apt-get update && apt-get install -y \ git \ unzip \ libmcrypt-dev \ libicu-dev \ mysql-client \ freetds-dev \ libxml2-dev RUN apt-get install -y freetds-dev php5-sybase # This symlink fixes the pdo_dblib install RUN ln -s /usr/lib/x86_64-linux-gnu/libsybdb.a /usr/lib/ RUN docker-php-ext-install pdo \ && docker-php-ext-install pdo_mysql \ && docker-php-ext-install pdo_dblib \ && docker-php-ext-install iconv \ && docker-php-ext-install mcrypt \ && docker-php-ext-install intl \ && docker-php-ext-install opcache \ && docker-php-ext-install mbstring # Override the default php.ini with a custom one COPY ./php.ini /usr/local/etc/php/ # replace shell with bash so we can source files RUN rm /bin/sh && ln -s /bin/bash /bin/sh # nvm environment variables ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 4.4.7 # install nvm RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash # install node and npm RUN source $NVM_DIR/nvm.sh \ && nvm install $NODE_VERSION \ && nvm alias default $NODE_VERSION \ && nvm use default # add node and npm to path so the commands are available ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH # confirm installation RUN node -v RUN npm -v # Install Composer RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer RUN composer --version # Configure freetds ADD ./freetds.conf /etc/freetds/freetds.conf WORKDIR /app # Gulp install RUN npm install -g gulp RUN npm install -g bower CMD ["php-fpm"]Here is my docker-compose:
nginx_dev: container_name: nginx_dev build: docker/nginx_dev ports: - "80:80" depends_on: - php_dev links: - php_dev volumes: - ./:/app php_dev: container_name: php_dev build: docker/php-dev volumes: - ./:/app`Is there any commands I can run to give the root user permissions to access the app directory? I am using docker-compose as well.
最满意答案
从目录列表中看来,您已经配置了selinux(这是权限位上的尾随点)。 在启用selinux的Docker中,您需要使用额外的标志:z来挂载卷。 Docker将此描述为卷标,但我相信这是一个selinux术语,而不是卷上的码头标签。
你得到的docker-compose.yml应该如下所示:
version: '2' services: nginx_dev: container_name: nginx_dev build: docker/nginx_dev ports: - "80:80" depends_on: - php_dev links: - php_dev volumes: - ./:/app:z php_dev: container_name: php_dev build: docker/php-dev volumes: - ./:/app:z请注意,我还将语法更新为版本2. docker-compose.yml的第1版正在逐步淘汰。 版本2将导致容器在默认情况下在自己的网络中运行,这通常是首选,但如果您有其他容器试图与这些容器进行对话,则可能会导致问题。
From the directory listing, it appears that you have selinux configured (that's the trailing dots on the permission bits). In Docker with selinux enabled, you need to mount volumes with an extra flag, :z. Docker describes this as a volume label but I believe this is an selinux term rather than a docker label on the volume.
Your resulting docker-compose.yml should look like:
version: '2' services: nginx_dev: container_name: nginx_dev build: docker/nginx_dev ports: - "80:80" depends_on: - php_dev links: - php_dev volumes: - ./:/app:z php_dev: container_name: php_dev build: docker/php-dev volumes: - ./:/app:zNote, I also updated the syntax to version 2. Version 1 of the docker-compose.yml is being phased out. Version 2 will result in the containers being run in their own network by default which is usually preferred but may cause issues if you have other containers trying to talk to these.
更多推荐
发布评论