Permission denied as root in docker containers
Problem description
In the last couple of days I'm having some issues at building or running docker containers.
It seems that root doesn't have permission of having access to the filesystem.
E.g. I've created this very simple Dockerfile
FROM centos
RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate
and when I try to build the image I get the error
Step 1/2 : FROM centos
---> 470671670cac
Step 2/2 : RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate
---> Running in f7b32a009a74
uid=0(root) gid=0(root) groups=0(root)
-rwxr-xr-x 1 root root 1954 Dec 19 15:43 /usr/bin/dnf-3
lrwxrwxrwx 1 root root 5 Dec 19 15:43 /usr/bin/yum -> dnf-3
/usr/libexec/platform-python: can't open file '/usr/bin/yum': [Errno 13] Permission denied
The command '/bin/sh -c id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate' returned a non-zero code: 2
The issue seems to be more generic as even with ubuntu or alpine I get similar errors, so I suspect it is related to Ubuntu.
Consider that before I could perform any task without problems.
I've tried adding capabilities and stopping apparmor but it doesn't have any effect.
Docker info
Client:
Debug Mode: false
Server:
Containers: 18
Running: 0
Paused: 0
Stopped: 18
Images: 20
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version:
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.4.0-31-generic
Operating System: Ubuntu Core 16
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 7.475GiB
Name: gurdulu-xps
ID: E5JA:3WKI:JWFQ:M5J2:CAZ7:VVKI:2ADB:3W7W:F3F4:VYXZ:7JLP:R7C4
Docker Root Dir: /var/snap/docker/common/var-lib-docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Recommended answer
It was apparmor in combination with snap. The profile coming with the snap installation had in some way become invalid in the last couple of days.
To be honest I didn't investigate and tried removing the snap and installing with apt.
Now it works fine.
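The answer attributes the failure to AppArmor, a mandatory access control layer that can deny file access even to uid 0. As an added example (not part of the original question or answer), the following Python sketch filters kernel log text for AppArmor `DENIED` records and counts those that hit root per profile, which is one way to confirm this kind of cause. The sample log lines, the profile names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (not from the original post); the
# profile names, PIDs and paths are illustrative placeholders.
SAMPLE_LOG = """\
[ 101.1] audit: type=1400 audit(1590000000.100:10): apparmor="DENIED" operation="open" profile="example-docker-profile" name="/usr/bin/dnf-3" pid=4242 comm="platform-python" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 101.2] audit: type=1400 audit(1590000000.200:11): apparmor="ALLOWED" operation="open" profile="example-other" name="/etc/hosts" pid=4300 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 101.3] audit: type=1400 audit(1590000000.300:12): apparmor="DENIED" operation="exec" profile="example-docker-profile" name="/bin/busybox" pid=4311 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 101.4] usb 1-1: new high-speed USB device number 5 using xhci_hcd
"""

# key=value or key="quoted value" pairs as they appear in audit records
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_denials(log_text):
    """Return one dict of audit fields per AppArmor DENIED record."""
    denials = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # skip allowed records and unrelated kernel messages
        fields = {}
        for key, raw, quoted in KV.findall(line):
            # Strip the surrounding quotes when the value was quoted
            fields[key] = quoted if raw.startswith('"') else raw
        denials.append(fields)
    return denials


def root_denials_by_profile(denials):
    """Count denials where fsuid is 0: file mode bits would not stop root,
    so the block came from the AppArmor profile named in the record."""
    return Counter(d.get("profile", "?") for d in denials if d.get("fsuid") == "0")


if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOG)
    for d in found:
        print(d["profile"], d["operation"], d["name"],
              "mask=" + d["denied_mask"], "fsuid=" + d["fsuid"])
    print(root_denials_by_profile(found))
```

On a real host the input would be the text of `dmesg` or `journalctl -k` instead of the constructed sample.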