各种Docker容器路径已开始失败,并在Linux Mint上出现权限错误 [英] Various Docker container paths have started failing with permission errors on Linux Mint
问题描述
我正在Linux Mint Docker主机上开发一个Node多容器应用程序,并通过Snapcraft安装了Docker和Docker Compose.有四个容器,其中两个具有针对主机上项目文件夹的绑定装入卷.这都是很标准的东西.
I am developing a Node multi-container application on a Linux Mint Docker host, with Docker and Docker Compose installed via Snapcraft. There are four containers, and two of them have bind-mount volumes against project folders on the host. This is all pretty standard stuff.
几天前,某些容器开始因权限错误而失败.这是我的Docker Compose命令,以及来自失败容器的日志:
A couple of days ago, some of the containers started to fail with permission errors. Here is my Docker Compose command, and the logs from the failing containers:
$ docker-compose -f docker-compose.yml -f docker-compose-dev.yml up --no-build
Creating network "frontend_default" with the default driver
Creating frontend_mysql_1 ... done
Creating frontend_reverse-proxy_1 ... done
Creating frontend_api_1 ... done
Creating frontend_frontend_1 ... done
Attaching to frontend_reverse-proxy_1, frontend_mysql_1, frontend_api_1, frontend_frontend_1
api_1 | npm ERR! code EACCES
api_1 | npm ERR! syscall open
api_1 | npm ERR! path /root/.config/configstore/update-notifier-npm.json
api_1 | npm ERR! errno -13
api_1 | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
api_1 | npm ERR! You don't have access to this file.
api_1 | npm ERR!
api_1 | npm ERR! at Object.openSync (fs.js:440:3)
api_1 | npm ERR! at Object.readFileSync (fs.js:342:35)
api_1 | npm ERR! at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
api_1 | npm ERR! at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
api_1 | npm ERR! at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
api_1 | npm ERR! at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
api_1 | npm ERR! at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
api_1 | npm ERR! at processTicksAndRejections (internal/process/task_queues.js:76:11)
api_1 | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
api_1 | npm ERR! You don't have access to this file.
api_1 | npm ERR!
api_1 | npm ERR! at Object.openSync (fs.js:440:3)
api_1 | npm ERR! at Object.readFileSync (fs.js:342:35)
api_1 | npm ERR! at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
api_1 | npm ERR! at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
api_1 | npm ERR! at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
api_1 | npm ERR! at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
api_1 | npm ERR! at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
api_1 | npm ERR! at processTicksAndRejections (internal/process/task_queues.js:76:11) {
api_1 | npm ERR! stack: "Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'\n" +
api_1 | npm ERR! "You don't have access to this file.\n" +
api_1 | npm ERR! '\n' +
api_1 | npm ERR! ' at Object.openSync (fs.js:440:3)\n' +
api_1 | npm ERR! ' at Object.readFileSync (fs.js:342:35)\n' +
api_1 | npm ERR! ' at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)\n' +
api_1 | npm ERR! ' at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)\n' +
api_1 | npm ERR! ' at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)\n' +
api_1 | npm ERR! ' at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)\n' +
api_1 | npm ERR! ' at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)\n' +
api_1 | npm ERR! ' at processTicksAndRejections (internal/process/task_queues.js:76:11)',
api_1 | npm ERR! errno: -13,
api_1 | npm ERR! syscall: 'open',
api_1 | npm ERR! code: 'EACCES',
api_1 | npm ERR! path: '/root/.config/configstore/update-notifier-npm.json'
api_1 | npm ERR! }
api_1 | npm ERR!
api_1 | npm ERR! The operation was rejected by your operating system.
api_1 | npm ERR! It is likely you do not have the permissions to access this file as the current user
api_1 | npm ERR!
api_1 | npm ERR! If you believe this might be a permissions issue, please double-check the
api_1 | npm ERR! permissions of the file and its containing directories, or try running
api_1 | npm ERR! the command again as root/Administrator.
api_1 |
api_1 | npm ERR! A complete log of this run can be found in:
api_1 | npm ERR! /root/.npm/_logs/2020-05-26T12_31_11_538Z-debug.log
api_1 | mysql_1 | /bin/bash: /usr/local/bin/docker-entrypoint.sh: Permission denied
reverse-proxy_1 | /bin/sh: can't open '/entrypoint.sh': Permission denied
frontend_reverse-proxy_1 exited with code 2
frontend_1 | npm ERR! code EACCES
frontend_1 | npm ERR! syscall open
frontend_1 | npm ERR! path /root/.config/configstore/update-notifier-npm.json
frontend_1 | npm ERR! errno -13
frontend_1 | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
frontend_1 | npm ERR! You don't have access to this file.
frontend_1 | npm ERR!
frontend_1 | npm ERR! at Object.openSync (fs.js:440:3)
frontend_1 | npm ERR! at Object.readFileSync (fs.js:342:35)
frontend_1 | npm ERR! at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
frontend_1 | npm ERR! at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
frontend_1 | npm ERR! at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
frontend_1 | npm ERR! at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
frontend_1 | npm ERR! at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
frontend_1 | npm ERR! at processTicksAndRejections (internal/process/task_queues.js:76:11)
frontend_1 | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
frontend_1 | npm ERR! You don't have access to this file.
frontend_1 | npm ERR!
frontend_1 | npm ERR! at Object.openSync (fs.js:440:3)
frontend_1 | npm ERR! at Object.readFileSync (fs.js:342:35)
frontend_1 | npm ERR! at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
frontend_1 | npm ERR! at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
frontend_1 | npm ERR! at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
frontend_1 | npm ERR! at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
frontend_1 | npm ERR! at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
frontend_1 | npm ERR! at processTicksAndRejections (internal/process/task_queues.js:76:11) {
frontend_1 | npm ERR! stack: "Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'\n" +
frontend_1 | npm ERR! "You don't have access to this file.\n" +
frontend_1 | npm ERR! '\n' +
frontend_1 | npm ERR! ' at Object.openSync (fs.js:440:3)\n' +
frontend_1 | npm ERR! ' at Object.readFileSync (fs.js:342:35)\n' +
frontend_1 | npm ERR! ' at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)\n' +
frontend_1 | npm ERR! ' at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)\n' +
frontend_1 | npm ERR! ' at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)\n' +
frontend_1 | npm ERR! ' at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)\n' +
frontend_1 | npm ERR! ' at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)\n' +
frontend_1 | npm ERR! ' at processTicksAndRejections (internal/process/task_queues.js:76:11)',
frontend_1 | npm ERR! errno: -13,
frontend_1 | npm ERR! syscall: 'open',
frontend_1 | npm ERR! code: 'EACCES',
frontend_1 | npm ERR! path: '/root/.config/configstore/update-notifier-npm.json'
frontend_1 | npm ERR! }
frontend_1 | npm ERR!
frontend_1 | npm ERR! The operation was rejected by your operating system.
frontend_1 | npm ERR! It is likely you do not have the permissions to access this file as the current user
frontend_1 | npm ERR!
frontend_1 | npm ERR! If you believe this might be a permissions issue, please double-check the
frontend_1 | npm ERR! permissions of the file and its containing directories, or try running
frontend_1 | npm ERR! the command again as root/Administrator.
frontend_1 |
frontend_1 | npm ERR! A complete log of this run can be found in:
frontend_1 | npm ERR! /root/.npm/_logs/2020-05-26T12_31_12_821Z-debug.log
frontend_1 | frontend_mysql_1 exited with code 126
我不确定是什么原因造成的,因为开发机器上的主要功能都没有改变.我做了一些扎根,发现AppArmor已经开始失败.以下是主机上dmesg的一些日志:
I am not sure what would cause that, as nothing major has changed on the dev machine. I did some rooting around, and found that AppArmor had started failing. Here's some logs from dmesg on the host:
May 26 13:31:15 dev-VirtualBox kernel: [ 136.787188] audit: type=1400 audit(1590496275.941:68): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=6516 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:16 dev-VirtualBox kernel: [ 137.403740] audit: type=1400 audit(1590496276.557:69): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6252 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:17 dev-VirtualBox kernel: [ 137.959766] audit: type=1400 audit(1590496277.113:70): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=6683 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:17 dev-VirtualBox kernel: [ 138.388630] audit: type=1400 audit(1590496277.541:71): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=6561 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:19 dev-VirtualBox kernel: [ 140.765452] audit: type=1400 audit(1590496279.917:72): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6861 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [ 140.975698] audit: type=1400 audit(1590496280.129:73): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6942 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [ 140.996244] audit: type=1400 audit(1590496280.149:74): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7082 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [ 141.399142] audit: type=1400 audit(1590496280.553:75): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=7162 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [ 141.521377] audit: type=1400 audit(1590496280.673:76): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=7185 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:24 dev-VirtualBox kernel: [ 145.403602] audit: type=1400 audit(1590496284.557:77): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7312 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:32 dev-VirtualBox kernel: [ 153.298729] audit: type=1400 audit(1590496292.453:78): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7452 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:46 dev-VirtualBox kernel: [ 166.995319] audit: type=1400 audit(1590496306.149:79): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7610 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:32:12 dev-VirtualBox kernel: [ 193.228513] audit: type=1400 audit(1590496332.381:80): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7788 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:32:55 dev-VirtualBox kernel: [ 236.569562] audit: type=1400 audit(1590496375.721:81): apparmor="DENIED" operation="open" profile="snap.docker.compose" name="/proc/7907/mounts" pid=7907 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
因此,它看起来像是AppArmor问题. AppArmor可能已经进行了系统更新,但据我所知我尚未对其进行专门更改.恢复Docker正常运行该怎么办?
So, it looks like an AppArmor problem. It is possible that AppArmor has had a system update, but I have not changed it specifically, as far as I know. What can I do to restore normal Docker operation?
推荐答案
这个问题很难找到,因为关于它的信息似乎很少.我的感觉是,它仅影响Snap中的Docker,而不影响其他方式安装的Docker.在该论坛主题中对此问题进行了讨论.
This problem was quite hard to track down, as there does not seem to be much information about for it. My sense is that it affects Docker only in Snap, and not Docker installed in other ways. The problem is discussed in this forum thread.
问题源于多虫的内核(在我的情况下为5.3.0-53),然后回落到以前安装的版本即可解决此问题.对我来说,这是5.3.0-51. 此错误报告指出该问题也出现在5.4.0-31,可以通过回退到5.4.0-29来解决.这说明了问题是如何单独出现的-通过系统更新交付了新内核.
The problem stems from a buggy kernel, in my case 5.3.0-53, and dropping back down to the previously installed version solves the problem. For me that is 5.3.0-51. This bug report indicates that the problem is also exhibited in 5.4.0-31, and that can be fixed by dropping back to 5.4.0-29. This explains how the problem manifested on its own - a new kernel was delivered via a system update.
我使用了此答案来修改Grub,以便它可以引导到较早的内核中.以下是针对同样问题的读者采取的步骤:
I used this answer to amend Grub so it boots into an older kernel. Here are the steps to take for readers with the same issue:
列出您当前的内核,以便您可以识别以前安装的内核:
List your currently kernels, so you can identify the previously installed kernel:
dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}'
确认问题出在哪个内核上
Confirm which kernel is the problem:
uname -r
您将需要更改/etc/default/grub中的启动选项,特别是一个名为GRUB_DEFAULT的值.通常为0,表示启动最新内核":
You will need to change the boot option in /etc/default/grub, specifically a value called GRUB_DEFAULT. This is normally 0 to mean "boot latest kernel":
GRUB_DEFAULT=0
您需要更改它,以便它指向特定的内核.因此,我的价值是:
You need to change this so it points to a specific kernel. My value is thus:
GRUB_DEFAULT="Advanced options for Linux Mint 19.3 Cinnamon>Linux Mint 19.3 Cinnamon, with Linux 5.3.0-51-generic"
这些是菜单字符串,我们要求Grub为我们自动选择.要找到您要的内容,请查看/boot/grub/grub.cfg,然后搜索关键字submenu以找到顶层元素,在这种情况下为"Linux Mint 19.3 Cinnamon的高级选项".从这一点开始,搜索menuentry来找到第二级元素,在这种情况下,该元素是"Linux Mint 19.3 Cinnamon,具有Linux 5.3.0-51-generic".子菜单有很多-您需要的版本是内核的倒数第二个版本.
These are menu strings, which we're asking Grub to auto-select for us. To discover what yours are, have a look in /boot/grub/grub.cfg, and search for the keyword submenu to find the top-level element, i.e. "Advanced options for Linux Mint 19.3 Cinnamon" in this case. From that point, search for menuentry to find the second-level element, which is "Linux Mint 19.3 Cinnamon, with Linux 5.3.0-51-generic" in this case. There are many submenus - you need the version for the penultimate version of the kernel.
将这两个字符串加在一起,在它们之间放置一个>,将它们用引号引起来,并将其用作您的GRUB_DEFAULT值.根据我先前链接的有用答案,明智的做法是在重新启动之前备份Grub文件,以防万一您遇到问题:
Add these two string together, put a > between them, wrap them in quotes, and use that as your GRUB_DEFAULT value. As per the useful answer I linked to earlier, it is sensible to take a backup of your Grub file before rebooting, in case you get something wrong:
sudo cp /etc/default/grub /etc/default/grub.bak
最后,您应该在更改后重新生成Grub菜单:
Finally, you should regen the Grub menu after your changes:
sudo update-grub
重新启动后,您应该发现Docker恢复正常.希望将发布一个新内核,这时需要手动将Grub切换回以跟踪最新版本(假设它将在下一个Linux版本中修复).
Once you reboot, you should find that Docker is back to normal. It is to be hoped that a new kernel will be released, at which point Grub will need to be manually switched back to track the latest version (assuming it shall be fixed in the next Linux release).
这篇关于各种Docker容器路径已开始失败,并在Linux Mint上出现权限错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
