坐骑否认.路径......不是从 OS X 共享的，也不为 Docker 所知 [英] Mounts denied. The paths ... are not shared from OS X and are not known to Docker

问题描述

命令 docker run -v/var/folders/zz/... 产生以下错误.

docker: 来自守护进程的错误响应:挂载被拒绝:路径/var/folders/zz/... 和/var/folders/zz/...不从 OS X 共享，也不为 Docker 所知.您可以从 Docker 配置共享路径 ->首选项... ->文件共享.

当我打开文件共享时，我看到/private 已经列出.

如果我尝试添加 /var/folder/，它会解析为 /private/var/folders，它是/private 的子集，因此添加是拒绝了.

总而言之，在我看来目录 /var/folders/.. 被 OS X 共享为 /private 的子目录，因此必须知道到 Docker.任何解决此问题的帮助将不胜感激.

作为一个实验，我将文件共享中的 /private 替换为 /private/var/folders 并重新启动 docker 但结果没有改变.

为了更完整的参考，这是

/var 在 macOS 中是到 /private 的符号链接./tmp 也是如此:

$ ls -ld/tmp/varlrwxr-xr-x@ 1 根轮 11 Jan 26 16:18/tmp ->私人/tmplrwxr-xr-x@ 1 根轮 11 Jan 26 16:18/var ->私人/无功

为什么 /tmp 列在共享面板中，而 /var 没有(即使两者都是 /private 的一部分)?Docker for Mac 的 关于文件系统命名空间的文档 解释说:

<块引用>

默认情况下，您可以在 /Users/、/Volumes/、/private/ 和 /tmp 中共享文件 直接.要添加或删除导出到 Docker 的目录树，请使用 Docker 首选项鲸鱼中的文件共享选项卡菜单 -> 首选项 -> 文件共享.(请参阅首选项.)

-v 绑定挂载中使用的所有其他路径均来自运行 Docker 容器的 Moby Linux VM， 因此诸如 -v/var/之类的参数run/docker.sock:/var/run/docker.sock 应该按预期工作.如果 macOS 路径未共享且 VM 中不存在，则尝试绑定挂载它将失败，而不是在 VM 中创建它.VM 中已存在且包含文件的路径由 Docker 保留，无法从 macOS 导出.

请注意，这里特别提到了 /var/run 作为将从 Linux VM 而非 macOS 挂载的地方.

当您要求安装卷时，首先检查 macOS 文件系统导出.如果没有匹配项，则接下来检查运行 Docker 的 Linux VM.如果它们都没有您请求的路径，则挂载失败.

在您的情况下，/var 不是由 macOS 导出的./var 存在于 Linux VM 中，但 /var/folders 不存在.所以路径不可用，挂载失败.

如果您将路径更改为 /private/var，那么它会成功，因为 macOS 会导出整个 /private 文件系统树以进行挂载.

为了使事情更便携，您可能需要测试您当前运行的平台，如果是 macOS，请在挂载路径前加上 /private.

The command docker run -v /var/folders/zz/... produces the following error.

docker: Error response from daemon: Mounts denied: 
The paths /var/folders/zz/... and /var/folders/zz/...
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.

When I do open File Sharing, I see that /private is listed already.

If I attempt to add /var/folder/, it resolves to /private/var/folders, which is a subset of /private and hence the addition is rejected.

To summarize, it looks to me like the directory /var/folders/.. is shared by OS X as a subdirectory of /private and hence must be known to Docker. Any help on resolving this would be appreciated.

As an experiment, I replaced the /private in File Sharing with /private/var/folders and restarted the docker but the result did not change.

Just for a more complete reference, this is the .sh script, which runs this python script, which in turn runs the docker command.

解决方案

Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.

As shown in Docker's preferences, only certain paths are exported by macOS.

• /Users
• /Volumes
• /tmp
• /private

/var in macOS is a symbolic link into /private. That is also true for /tmp:

$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /var -> private/var

Why is /tmp listed in the sharing panel, but /var is not (even though both are a part of /private)? Docker for Mac's documentation about filesystem namespaces explains:

By default, you can share files in /Users/, /Volumes/, /private/, and /tmp directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale menu -> Preferences -> File sharing. (See Preferences.)

All other paths used in -v bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.

Note that /var/run is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.

When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.

In your case, /var is not exported by macOS. /var exists in the Linux VM, but /var/folders does not. Therefore, the path is not available, and the mount fails.

If you change the path to /private/var, then it will succeed, because macOS exports the entire /private filesystem tree for mounting.

In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private.

这篇关于坐骑否认.路径......不是从 OS X 共享的，也不为 Docker 所知的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！