[Linux]CentOS 7 docker掛載資料夾會出現 Permission Denied
最近在研究 Linux Service
在 CentOS7
上跑docker
, 理論上只要寫好 docker-compose
跟一些設定檔即可.
但最後在跑的時候總是會出現要掛載的 **volume
**會出現 Permission Denied
(即便是把檔案屬性設定為777…)
最後繞了一圈發現, 這是在有 **SELinux
**的作業系統環境下會出現的(RHEL, CentOS以及Fedora)
解決方式有二
-
A方案 : 下
chcon
指令增加權限
chcon -Rt svirt_sandbox_file_t /your/conf/file
有關於 **chcon
**的說明可看此份文件
-
B方案 : 直接在compose檔案中新增
:Z
讓docker自動處理
volumes:
- ./conf/some-conf:/etc/service/service.conf:Z
直接在最後面加上:Z
再去跑即可
其實在 man docker run
底下(很下面)也會看到, 只是很少會去看(誤)
Mounting External Volumes
To mount a host directory as a container volume, specify the absolute path to the directory and the absolute path for the container directory separated by a
colon:
# docker run -v /var/db:/data1 -i -t fedora bash
When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the
/var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog.
To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to
the host directory:
# chcon -Rt svirt_sandbox_file_t /var/db
Now, writing to the /data1 volume in the container will be allowed and the changes will also be reflected on the host in /var/db.