Docker挂载主机目录Docker访问出现Permission denied的解决办法
程序员文章站
2022-03-03 09:04:29
...
Docker挂载主机目录,访问相应的文件出现Premission denied的权限访问问题,
[[email protected] soft]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos 7.2.1511 686672a1d0cc 5 weeks ago
//将主机上的/soft目录挂载到docker的/soft目录,前面的是主机目录,后面的是docker的目录。
docker run -i -t -v /soft:/soft 686672a1d0cc /bin/bash
挂载后,查看相应的文件出现如下的提示:
[[email protected] soft]# ls
ls: cannot access jdk-8u102-linux-x64.tar.gz: Permission denied
hadoop-2.7.2.tar.gz jdk-8u102-linux-x64.tar.gz
问题原因及解决办法
原因是CentOS7中的安全模块selinux把权限禁掉了,至少有以下三种方式解决挂载的目录没有权限的问题:
1.在运行容器的时候,给容器加特权,及加上 --privileged=true 参数:
docker run -i -t -v /soft:/soft --privileged=true 686672a1d0cc /bin/bash
2.临时关闭selinux:
setenforce 0
3.添加selinux规则,改变要挂载的目录的安全性文本
# 更改安全性文本的格式如下
chcon [-R] [-t type] [-u user] [-r role] 文件或者目录
选顷不参数:
-R :连同该目录下癿次目录也同时修改;
-t :后面接安全性本文的类型字段!例如 httpd_sys_content_t ;
-u :后面接身份识别,例如 system_u;
-r :后面街觇色,例如 system_r
[[email protected] Desktop]# chcon --help
Usage: chcon [OPTION]... CONTEXT FILE...
or: chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
or: chcon [OPTION]... --reference=RFILE FILE...
Change the SELinux security context of each FILE to CONTEXT.
With --reference, change the security context of each FILE to that of RFILE.
Mandatory arguments to long options are mandatory for short options too.
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
-u, --user=USER set user USER in the target security context
-r, --role=ROLE set role ROLE in the target security context
-t, --type=TYPE set type TYPE in the target security context
-l, --range=RANGE set range RANGE in the target security context
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's security context rather than specifying
a CONTEXT value
-R, --recursive operate on files and directories recursively
-v, --verbose output a diagnostic for every file processed
The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the final
one takes effect.
-H if a command line argument is a symbolic link
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
GNU coreutils online help: <http://www.gnu.org/software/coreutils/>
For complete documentation, run: info coreutils 'chcon invocation'
在主机中修改/soft目录的安全性文
在docker中就可以正常访问该目录下的相关资源了。
转载于:https://my.oschina.net/zhougui/blog/916463
上一篇: Docker Compose容器编排
下一篇: Docker Compose简介和安装
推荐阅读
-
Docker -v 对挂载的目录没有权限 Permission denied
-
Docker挂载主机目录ls: cannot open directory .: Permission denied
-
docker 挂载主机目录访问报错Permission denied 解决办法
-
docker 容器挂载主机目录,访问出现 cannot open directory /mnt/home/webroot/: Permission denied 的解决办法...
-
Docker -v 对挂载的目录没有权限 Permission denied
-
Docker挂载主机目录Docker访问出现Permission denied的解决办法
-
Docker挂载主机目录Docker访问出现Permission denied的解决办法
-
Docker挂载主机目录Docker访问出现Permission denied的解决办法
-
Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied的解决办法
-
Docker挂载主机目录Docker访问出现Permission denied的解决办法