挂载“命名体积”作为Docker的非根目录 [英] Mount "named volume" as non-root in Docker
问题描述
有没有办法将命名卷作为非root用户安装?我试图避免在每个Dockerfile中运行一个 chown
,但是我需要非root用户可以写入mount,以便能够编写由构建图像
Is there any way to mount a named volume as a non-root user? I am trying to avoid having to run a chown
in each Dockerfile but I need the mount to be writable by a non-root user to be able to write the artifacts created by a build in the image
这是我正在尝试的
docker run --rm -it -v /home/bob/dev/:/src/dev -v builds:/mnt/build --name build hilikus/build /bin/bash
但是对于第二个挂载我得到
but for the second mount I get
[user@42f237282128 ~]$ ll /mnt
total 4
drwxr-xr-x 2 root root 4096 Sep 18 19:29 build
我的其他挂载( / src / dev /
)由用户拥有,而不是通过根,所以它给了我需要的;但是,我没有能够对命名卷做同样的操作。
My other mount (/src/dev/
) is owned by user, not by root so it gives what I need; however, I haven't been able to do the same with the named volume.
推荐答案
命名卷初始化为您在该位置的图像,因此您需要在Dockerfile内设置权限:
The named volume initializes to the contents of your image at that location, so you need to set the permissions inside your Dockerfile:
$ cat df.vf-uid
FROM busybox
RUN mkdir -p /data && echo "hello world" > /data/hello && chown -R 1000 /data
$ docker build -t test-vf -f df.vf-uid .
Sending build context to Docker daemon 23.06 MB
Step 1 : FROM busybox
---> 2b8fd9751c4c
Step 2 : RUN mkdir -p /data && echo "hello world" > /data/hello && chown -R 1000 /data
---> Using cache
---> 41390b132940
Successfully built 41390b132940
$ docker run -v test-vol:/data --rm -it test-vf ls -alR /data
/data:
total 12
drwxr-xr-x 2 1000 root 4096 Sep 19 15:26 .
drwxr-xr-x 19 root root 4096 Sep 19 15:26 ..
-rw-r--r-- 1 1000 root 12 Aug 22 11:43 hello
这篇关于挂载“命名体积”作为Docker的非根目录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!