坐骑被拒绝.路径...未从OS X共享并且Docker未知 [英] Mounts denied. The paths ... are not shared from OS X and are not known to Docker

问题描述

命令 docker run -v/var/folders/zz/...会产生以下错误.

  docker:来自守护程序的错误响应:挂载被拒绝:路径/var/folders/zz/...和/var/folders/zz/...不会从OS X共享，并且Docker不知道.您可以从Docker配置共享路径->首选项...->文件共享. 

当我打开文件共享时，我看到/private已经列出.

如果我尝试添加/var/folder/，它将解析为/private/var/folders ，它是/private的子集，因此添加为拒绝了.

总而言之，在我看来，目录/var/folders/..由OS X共享为/private 的子目录，因此必须知道到Docker.解决该问题的任何帮助将不胜感激.

作为一个实验，我将文件共享中的/private 替换为/private/var/folders ，然后重新启动了docker，但结果没有改变.

仅是为了获得更完整的参考，这是

macOS中的

/var 是指向/private 的符号链接.对于/tmp :

  $ ls -ld/tmp/varlrwxr-xr-x @ 1根轮1 Jan 26 26:18/tmp->私人/tmplrwxr-xr-x @ 1根轮1 Jan 26 26:18/var->私人/无聊 

为什么在共享面板中列出了/tmp ，但没有列出/var (即使它们都是/private 的一部分)?Docker for Mac的有关文件系统名称空间的文档解释:

默认情况下，您可以共享/Users/，/Volumes/，/private/和/tmp中的文件直接.要添加或删除导出到Docker的目录树，请使用Docker首选项whale中的File Sharing选项卡菜单->首选项->文件共享.(请参阅首选项.)

-v 绑定安装中使用的所有其他路径均来自运行Docker容器的Moby Linux VM ，因此，诸如 -v/var/run/docker.sock:/var/run/docker.sock 应该可以正常工作.如果未共享macOS路径且VM中不存在macOS路径，则尝试绑定安装失败，而不是在VM中创建它. VM中已存在并包含文件的路径已由Docker保留，无法从macOS导出.

请注意，这里专门提到了/var/run 作为可以从Linux VM而不是从macOS挂载的位置.

当您请求卷挂载时，首先检查macOS文件系统导出.如果不存在匹配项，则接下来检查运行Docker的Linux VM.如果它们都不具有您请求的路径，则挂载将失败.

在您的情况下，macOS不会导出/var .Linux虚拟机中存在/var ，但/var/folders 不存在.因此，该路径不可用，并且挂载失败.

如果将路径更改为/private/var ，则它将成功，因为macOS导出了整个/private 文件系统树以进行挂载.

为了使事情更容易移植，您可能需要测试当前运行的平台，如果是macOS，则在安装路径前加上/private .

The command docker run -v /var/folders/zz/... produces the following error.

docker: Error response from daemon: Mounts denied: 
The paths /var/folders/zz/... and /var/folders/zz/...
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.

When I do open File Sharing, I see that /private is listed already.

If I attempt to add /var/folder/, it resolves to /private/var/folders, which is a subset of /private and hence the addition is rejected.

To summarize, it looks to me like the directory /var/folders/.. is shared by OS X as a subdirectory of /private and hence must be known to Docker. Any help on resolving this would be appreciated.

As an experiment, I replaced the /private in File Sharing with /private/var/folders and restarted the docker but the result did not change.

Just for a more complete reference, this is the .sh script, which runs this python script, which in turn runs the docker command.

解决方案

Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.

As shown in Docker's preferences, only certain paths are exported by macOS.

• /Users
• /Volumes
• /tmp
• /private

/var in macOS is a symbolic link into /private. That is also true for /tmp:

$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /var -> private/var

Why is /tmp listed in the sharing panel, but /var is not (even though both are a part of /private)? Docker for Mac's documentation about filesystem namespaces explains:

By default, you can share files in /Users/, /Volumes/, /private/, and /tmp directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale menu -> Preferences -> File sharing. (See Preferences.)

All other paths used in -v bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.

Note that /var/run is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.

When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.

In your case, /var is not exported by macOS. /var exists in the Linux VM, but /var/folders does not. Therefore, the path is not available, and the mount fails.

If you change the path to /private/var, then it will succeed, because macOS exports the entire /private filesystem tree for mounting.

In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private.

这篇关于坐骑被拒绝.路径...未从OS X共享并且Docker未知的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！