“不允许操作"；从以root身份登录的docker容器中 [英] "Operation not permitted" from docker container logged as root

问题描述

我需要您的帮助以了解我的问题.

I need your help to understand my problem.

我上周在Catalina上更新了Macintosh，然后在Mac上更新了Docker.

I updated my macintosh with Catalina last week, then i updated docker for mac.

自从这些更新以来，我在共享卷上遇到所有权问题.

Since those updates, i have ownership issues on shared volumes.

我可以举一个小例子.我只是创建了一个小的docker-compose，它构建了一个nginx容器. 我有一个src文件夹，其中包含一个像"src/index.php"这样的PHP文件.

I can reproduce with a small example. I just create a small docker-compose which build a nginx container. I have a folder src with a PHP file like this "src/index.php".

我构建容器并启动它. 然后，我转到/app/www/mysrc(共享卷)和磁带"ls -la"，以检查index.php是否正常，并且得到:

I build the container and start it. Then i go to /app/www/mysrc (shared volume) and tape "ls -la" to check if the index.php is OK and i get :

ls: cannot open directory '.': Operation not permitted

这是一个简单的docker-compose文件: docker-compose.yml:

Here is a simple docker-compose file : docker-compose.yml :

version: "3"

services:
  test-nginx:
    restart: always
    image: 'nginx:1.17.3'
    ports:
      - "8082:80"
    volumes:
      - ./src:/app/www/mysrc

当我构建并启动容器时，我得到了:

When i build and start the container, i get :

$ docker-compose exec test-nginx sh
# cd /app/www
# ls -la
total 8
drwxr-xr-x 3 root root 4096 Oct 21 07:58 .
drwxr-xr-x 3 root root 4096 Oct 21 07:58 ..
drwxr-xr-x 3 root root   96 Oct 21 07:51 mysrc
# cd mysrc
# ls -la
ls: cannot open directory '.': Operation not permitted
# whoami
root

因此，我的nginx服务器已关闭，因为nginx无法访问源文件.

So, my nginx server is down because nginx can't access to the source files.

感谢您的帮助.

推荐答案

如果在更新Catalina之前可以正常使用，则问题是由于Catalina请求的新权限引起的.

If it was working prior to the update to Catalina, the issue is due to the new permissions requested by Catalina.

现在，macOS请求所有内容的权限，甚至包括访问目录的权限.因此，可能您已经收到有关授予Docker for Mac访问共享文件夹的权限的通知，而您没有授予它，现在您将面临此类操作的结果.

Now, macOS requests permissions for everything, even for accessing a directory. So, probably you had a notification about granting Docker for Mac permission to access the shared folder, you didn't grant it, and now you are facing the outcome of such action.

要立即授予特权，请进入系统偏好设置>安全性和隐私>文件和文件夹，然后添加Docker for Mac和您的共享目录.

To grant privileges now, go to System preferences > Security & Privacy > Files and Folders, and add Docker for Mac and your shared directory.

这篇关于“不允许操作"；从以root身份登录的docker容器中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！