Blog coding and discussion of coding about JavaScript, PHP, CGI, general web building etc.

Friday, October 28, 2016

Permission denied on accessing host directory in docker


In short: I am trying to mount a host directory in Docker, but then I cannot access it from within the container, even if the access permissions look good.

The details:

I am doing

sudo docker run -i -v /data1/Downloads:/Downloads ubuntu bash  

and then

ls -al  

It gives me:

total 8892
drwxr-xr-x.  23 root root    4096 Jun 18 14:34 .
drwxr-xr-x.  23 root root    4096 Jun 18 14:34 ..
-rwxr-xr-x.   1 root root       0 Jun 18 14:34 .dockerenv
-rwx------.   1 root root 9014486 Jun 17 22:09 .dockerinit
drwxrwxr-x.  18 1000 1000   12288 Jun 16 11:40 Downloads
drwxr-xr-x.   2 root root    4096 Jan 29 18:10 bin
drwxr-xr-x.   2 root root    4096 Apr 19  2012 boot
drwxr-xr-x.   4 root root     340 Jun 18 14:34 dev
drwxr-xr-x.  56 root root    4096 Jun 18 14:34 etc
drwxr-xr-x.   2 root root    4096 Apr 19  2012 home

and a lot more lines like that (I think this is the relevant portion).

If I do

cd /Downloads
ls

the result is

ls: cannot open directory .: Permission denied  

The host is Fedora 20, with Docker 1.0.0 and go1.2.2.

Any ideas what is going wrong?

Answer by user3761313 for Permission denied on accessing host directory in docker


It is an SELinux issue.

You can temporarily issue

su -c "setenforce 0"  

on the host to access or else add an SELinux rule by running

chcon -Rt svirt_sandbox_file_t /path/to/volume  

Answer by John Phillips for Permission denied on accessing host directory in docker


Try running the container as privileged:

sudo docker run --privileged=true -i -v /data1/Downloads:/Downloads ubuntu bash  

Another option (that I have not tried) would be to create a privileged container and then create non-privileged containers inside of it.

Answer by jeff mccormick for Permission denied on accessing host directory in docker


I verified that chcon -Rt svirt_sandbox_file_t /path/to/volume does work and you don't have to run as a privileged container.

This is on Docker version 0.11.1-dev, build 02d20af/0.11.1, centos7 as the host and container with selinux enabled.

Answer by Thomas8 for Permission denied on accessing host directory in docker


From access.redhat.com:Sharing_Data_Across_Containers:

"Host volume settings are not portable, since they are host-dependent and might not work on any other machine. For this reason, there is no Dockerfile equivalent for mounting host directories to the container. Also, be aware that the host system has no knowledge of container SELinux policy. Therefore, if SELinux policy is enforced, the mounted host directory is not writable to the container, regardless of the rw setting. Currently, you can work around this by assigning the proper SELinux policy type to the host directory":

chcon -Rt svirt_sandbox_file_t host_dir

Where host_dir is a path to the directory on host system that is mounted to the container.

It seems to be only a workaround, but I tried it and it works.

Answer by gregswift for Permission denied on accessing host directory in docker


See this Project Atomic blog post about Volumes and SELinux for the full story.

Specifically:

This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).

This patch adds support for "z" and "Z" as options on the volume mounts (-v).

For example:

docker run -v /var/db:/var/db:z rhel7 /bin/sh

Will automatically do the chcon -Rt svirt_sandbox_file_t /var/db described in the man page.

Even better, you can use Z.

docker run -v /var/db:/var/db:Z rhel7 /bin/sh

This will label the content inside the container with the exact MCS label that the container will run with, basically it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db where s0:c1,c2 differs for each container.
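
The labelling rules described in the answers above can be checked mechanically. The following is an added example, not code from any of the answers or from Docker: it takes an SELinux file context and the MCS categories a container runs with, and reports whether the type and categories would allow access. The function names and sample contexts are constructed for illustration; it assumes plain comma-separated categories (no ranges) and treats container_file_t as the newer name for svirt_sandbox_file_t.

```shell
#!/bin/sh
# Added example. Contexts are constructed samples in the
# user:role:type:level form that `ls -Zd` prints.

# Type is the third colon-separated field.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# MCS categories follow the sensitivity (s0); empty when there are none.
# Assumption: plain comma lists such as c1,c2 (no c0.c1023 ranges).
ctx_cats() { printf '%s\n' "$1" | cut -d: -f5; }

# True when every file category ($1) is held by the container ($2).
cats_subset() {
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$c,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# mount_verdict FILE_CONTEXT CONTAINER_CATEGORIES
mount_verdict() {
    t=$(ctx_type "$1")
    cats=$(ctx_cats "$1")
    case "$t" in
        # container_file_t is the newer name for svirt_sandbox_file_t
        svirt_sandbox_file_t|container_file_t) ;;
        *) echo "denied:type=$t"; return 0 ;;
    esac
    if [ -z "$cats" ]; then
        echo "allowed:shared"        # what :z produces
    elif cats_subset "$cats" "$2"; then
        echo "allowed:mcs-match"     # what :Z produces for this container
    else
        echo "denied:mcs"            # labelled for another container
    fi
}

# Constructed samples, checked for a container running with c1,c2.
for ctx in \
    'unconfined_u:object_r:user_home_t:s0' \
    'system_u:object_r:svirt_sandbox_file_t:s0' \
    'system_u:object_r:svirt_sandbox_file_t:s0:c1,c2' \
    'system_u:object_r:svirt_sandbox_file_t:s0:c3,c4'
do
    printf '%-52s %s\n' "$ctx" "$(mount_verdict "$ctx" c1,c2)"
done
```

On a live host, the first argument can come from `stat -c %C /path/to/volume`, which prints the directory's current SELinux context.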

Answer by Dai Kaixian for Permission denied on accessing host directory in docker


Another easy way is to edit the /etc/selinux/config file and set

#SELINUX=enforcing
SELINUX=disabled

then reboot your machine and restart your container.

