在Docker容器中以root用户身份被拒绝的权限 [英] Permission denied as root in docker containers

问题描述

最近几天，我在构建或运行Docker容器时遇到一些问题.

In the last couple of days I'm having some issues at building or running docker containers.

似乎root用户没有访问文件系统的权限.

It seems that root doesn't have permission of having access to the filesystem.

例如.我已经创建了这个非常简单的Dockerfile

Eg. I've created this very simple Dockerfile

FROM centos

RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate

当我尝试构建图像时出现错误

and when I try to build the image I get the error

Step 1/2 : FROM centos
 ---> 470671670cac
Step 2/2 : RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate
 ---> Running in f7b32a009a74
uid=0(root) gid=0(root) groups=0(root)
-rwxr-xr-x 1 root root 1954 Dec 19 15:43 /usr/bin/dnf-3
lrwxrwxrwx 1 root root    5 Dec 19 15:43 /usr/bin/yum -> dnf-3
/usr/libexec/platform-python: can't open file '/usr/bin/yum': [Errno 13] Permission denied
The command '/bin/sh -c id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate' returned a non-zero code: 2

这个问题似乎更普遍，因为即使是ubuntu或alpine我也遇到类似的错误，因此我怀疑与Ubuntu有关.

The issue seems to be more generic as even with ubuntu or alpine I get similar errors, so I suspect is related to Ubuntu.

请考虑一下，我可以毫无问题地执行任何任务.

Consider that before I could perform any task without problems.

我曾尝试添加功能并停止apparmor，但这没有任何效果.

I've tried adding capabilities and stopping apparmor but it doesn't have any effect.

Docker信息

Client:
 Debug Mode: false

Server:
 Containers: 18
  Running: 0
  Paused: 0
  Stopped: 18
 Images: 20
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: 
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-31-generic
 Operating System: Ubuntu Core 16
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.475GiB
 Name: gurdulu-xps
 ID: E5JA:3WKI:JWFQ:M5J2:CAZ7:VVKI:2ADB:3W7W:F3F4:VYXZ:7JLP:R7C4
 Docker Root Dir: /var/snap/docker/common/var-lib-docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

推荐答案

与快照结合使用时具有保护作用. snap安装随附的配置文件在过去几天中以某种方式变得无效.

It was apparmor in combination with snap. The profile coming with the snap installation had in some way become invalid in the last couple of days.

说实话，我没有进行调查，而是尝试删除了快照并使用apt安装.

To be honest I didn't investigate and tried removing the snap and installing with apt.

现在可以正常工作了.

这篇关于在Docker容器中以root用户身份被拒绝的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！