Permission denied on accessing host directory in Docker
Problem description
I am trying to mount a host directory in Docker, but then I can not access it from within the container, even if the access permissions look good.
I am doing
sudo docker run -i -v /data1/Downloads:/Downloads ubuntu bash
and then
ls -al
which gives me:
total 8892
drwxr-xr-x. 23 root root 4096 Jun 18 14:34 .
drwxr-xr-x. 23 root root 4096 Jun 18 14:34 ..
-rwxr-xr-x. 1 root root 0 Jun 18 14:34 .dockerenv
-rwx------. 1 root root 9014486 Jun 17 22:09 .dockerinit
drwxrwxr-x. 18 1000 1000 12288 Jun 16 11:40 Downloads
drwxr-xr-x. 2 root root 4096 Jan 29 18:10 bin
drwxr-xr-x. 2 root root 4096 Apr 19 2012 boot
drwxr-xr-x. 4 root root 340 Jun 18 14:34 dev
drwxr-xr-x. 56 root root 4096 Jun 18 14:34 etc
drwxr-xr-x. 2 root root 4096 Apr 19 2012 home
and a lot more lines like that (I think this is the relevant portion).
If I do
cd /Downloads
ls
the result is
ls: cannot open directory .: Permission denied
The host is Fedora 20, with Docker 1.0.0 and go1.2.2.
What is going wrong?
Recommended answer
See this Project Atomic blog post about Volumes and SELinux for the full story.
Specifically:
This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).
This patch adds support for "z" and "Z" as options on the volume mounts (-v).
For example:
docker run -v /var/db:/var/db:z rhel7 /bin/sh
Will automatically do the chcon -Rt svirt_sandbox_file_t /var/db described in the man page.
Even better, you can use Z.
docker run -v /var/db:/var/db:Z rhel7 /bin/sh
This will label the content inside the container with the exact MCS label that the container will run with, basically it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db where s0:c1,c2 differs for each container.
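The difference between the two labels, as an added example that is not part of the original answer or the Project Atomic post: a simplified model of the check SELinux applies when a container reaches a bind-mounted file (the file type must be svirt_sandbox_file_t, and every MCS category on the file must be held by the container). The process type svirt_lxc_net_t, the default_t starting label, the unlabelled s0 level and the c3,c4 categories are constructed sample values, and level ranges are not handled.

```sh
#!/bin/sh
# Simplified model of the SELinux decision behind "Permission denied" on a
# bind mount. Contexts use the user:role:type:level form shown by `ls -Zd`.

# The level is everything after the third ':' and may itself contain ':'.
ctx_type()  { printf '%s\n' "$1" | cut -d: -f3; }
ctx_level() { printf '%s\n' "$1" | cut -d: -f4-; }
# Categories are the part of the level after "s0:", empty when absent.
ctx_cats() {
  lvl=$(ctx_level "$1")
  case $lvl in
    *:*) printf '%s\n' "${lvl#*:}" ;;
    *)   printf '\n' ;;
  esac
}

# can_access PROCESS_CONTEXT FILE_CONTEXT -> prints verdict, returns 0 or 1
can_access() {
  ftype=$(ctx_type "$2")
  if [ "$ftype" != "svirt_sandbox_file_t" ]; then
    echo "denied: type $ftype is not svirt_sandbox_file_t"
    return 1
  fi
  pcats=",$(ctx_cats "$1"),"
  for c in $(ctx_cats "$2" | tr ',' ' '); do
    case $pcats in
      *",$c,"*) ;;
      *) echo "denied: category $c not held by container"; return 1 ;;
    esac
  done
  echo "allowed"
}

# Constructed sample labels: one container process and four host directories.
PROC='system_u:system_r:svirt_lxc_net_t:s0:c1,c2'
for f in \
  'unconfined_u:object_r:default_t:s0' \
  'system_u:object_r:svirt_sandbox_file_t:s0' \
  'system_u:object_r:svirt_sandbox_file_t:s0:c1,c2' \
  'system_u:object_r:svirt_sandbox_file_t:s0:c3,c4'
do
  # unlabelled dir, after :z, after :Z for this container, :Z for another one
  printf '%-50s %s\n' "$f" "$(can_access "$PROC" "$f")"
done
```

On a real host, compare `ls -Zd` on the mounted directory with `ps -Z` for the container process to see the same fields.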