“不允许操作"来自以 root 身份登录的 docker 容器 [英] "Operation not permitted" from docker container logged as root

问题描述

我需要你的帮助来理解我的问题.

I need your help to understand my problem.

上周我用 Catalina 更新了我的 macintosh，然后我更新了 docker for mac.

I updated my macintosh with Catalina last week, then i updated docker for mac.

自从这些更新后，我在共享卷上遇到了所有权问题.

Since those updates, i have ownership issues on shared volumes.

我可以用一个小例子来重现.我只是创建了一个小的 docker-compose 来构建一个 nginx 容器.我有一个文件夹 src，里面有一个像src/index.php"这样的 PHP 文件.

I can reproduce with a small example. I just create a small docker-compose which build a nginx container. I have a folder src with a PHP file like this "src/index.php".

我构建容器并启动它.然后我去/app/www/mysrc(共享卷)并用胶带ls -la"检查index.php是否正常，我得到:

I build the container and start it. Then i go to /app/www/mysrc (shared volume) and tape "ls -la" to check if the index.php is OK and i get :

ls: cannot open directory '.': Operation not permitted

这是一个简单的 docker-compose 文件:docker-compose.yml :

Here is a simple docker-compose file : docker-compose.yml :

version: "3"

services:
  test-nginx:
    restart: always
    image: 'nginx:1.17.3'
    ports:
      - "8082:80"
    volumes:
      - ./src:/app/www/mysrc

当我构建并启动容器时，我得到:

When i build and start the container, i get :

$ docker-compose exec test-nginx sh
# cd /app/www
# ls -la
total 8
drwxr-xr-x 3 root root 4096 Oct 21 07:58 .
drwxr-xr-x 3 root root 4096 Oct 21 07:58 ..
drwxr-xr-x 3 root root   96 Oct 21 07:51 mysrc
# cd mysrc
# ls -la
ls: cannot open directory '.': Operation not permitted
# whoami
root

所以，我的 nginx 服务器宕机了，因为 nginx 无法访问源文件.

So, my nginx server is down because nginx can't access to the source files.

感谢您的帮助.

推荐答案

如果它在更新到 Catalina 之前可以正常工作，则问题是由于 Catalina 请求的新权限造成的.

If it was working prior to the update to Catalina, the issue is due to the new permissions requested by Catalina.

现在，macOS 请求所有内容的权限，甚至是访问目录.因此，您可能收到了关于授予 Docker for Mac 访问共享文件夹权限的通知，但您没有授予它，现在您正面临此类操作的结果.

Now, macOS requests permissions for everything, even for accessing a directory. So, probably you had a notification about granting Docker for Mac permission to access the shared folder, you didn't grant it, and now you are facing the outcome of such action.

要立即授予权限，请转到系统偏好设置">安全性与安全性"隐私 > 文件和文件夹，并添加 Docker for Mac 和您的共享目录.

To grant privileges now, go to System preferences > Security & Privacy > Files and Folders, and add Docker for Mac and your shared directory.

这篇关于“不允许操作"来自以 root 身份登录的 docker 容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！