I'm trying to get my Docker container to read and write to a host directory.

I run the container with:

docker run -it -v $(pwd):/file logstash-5.1.2

Inside the container, I can see that /file has the uid of my (non-root) user on the host, and the same permissions as that on the host:

drwxrwxrwx.   2 1156 1156 4096 Jul 21 05:00 file

and that root can't access /file.

root@c642b0c37e09:~# ls /file
ls: cannot open directory /file: Permission denied

I've read posts about creating a user in the container with the same uid as the host, but that seems to be frowned upon.

  1. Why can't root access the directory? I thought it could do everything.
  2. What's the best way to have the container read and write to the mounted directory, which is not owned by root, in Docker?
  3. We're also using Rancher. Does that make it easier? I haven't yet come across something different there, mainly as I'm trying to see if I can do it purely within Docker.
  • This could be an issue with SELinux running on the host. Commented Jul 21, 2017 at 7:57
  • I should have mentioned, we're running Red Hat on the host. Commented Jul 21, 2017 at 8:01

1 Answer

You should change the context to svirt_sandbox_file_t to let the container access this folder.

If you are sure about the folder permissions, then just try:

chcon -R -t svirt_sandbox_file_t /your/host/path

If you are not sure, try:

chown -R userId:groupId /your/host/path
chcon -R -t svirt_sandbox_file_t /your/host/path

Here the chcon command applies the SELinux context, changing the context of "/your/host/path" to svirt_sandbox_file_t.

1 Comment

Or use audit2allow to change the contexts for you.
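
To confirm the SELinux diagnosis before relabelling the directory, the denial can be read from the host's audit records. The script below is an added example, not part of the original answer or comments: it classifies AVC records by source domain and target type. The sample records, the function names and the lists of container domains and file types are assumptions constructed for illustration.

```shell
# Constructed sample audit records (not taken from the page).
SAMPLE_DENIED='type=AVC msg=audit(1500613200.123:456): avc:  denied  { read } for  pid=1234 comm="ls" name="file" dev="dm-0" ino=5678 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir'
SAMPLE_OTHER='type=AVC msg=audit(1500613300.456:789): avc:  denied  { write } for  pid=4321 comm="httpd" name="upload" dev="dm-0" ino=9999 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir'

# Assumed lists: file types a confined container may use (container_file_t is
# the newer name for svirt_sandbox_file_t) and the domains containers run in.
CONTAINER_FILE_TYPES="svirt_sandbox_file_t container_file_t"
CONTAINER_DOMAINS="svirt_lxc_net_t container_t"

# selinux_type CONTEXT: print the type, the 3rd field of user:role:type:level.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# avc_field RECORD KEY: print the value of the first KEY=value token.
avc_field() { printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1; }

# in_list WORD "a b c": succeed if WORD is one of the space-separated items.
in_list() { case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# classify_avc RECORD: print not-avc, other-domain, type-ok (denial has another
# cause, e.g. MCS categories) or label-mismatch:<target type>.
classify_avc() {
    case "$1" in *"avc:"*"denied"*) ;; *) echo "not-avc"; return 0 ;; esac
    src=$(selinux_type "$(avc_field "$1" scontext)")
    tgt=$(selinux_type "$(avc_field "$1" tcontext)")
    in_list "$src" "$CONTAINER_DOMAINS" || { echo "other-domain"; return 0; }
    if in_list "$tgt" "$CONTAINER_FILE_TYPES"; then
        echo "type-ok"
    else
        echo "label-mismatch:$tgt"
    fi
}

# Demo: only a container-domain denial on a mislabelled target gets the relabel.
for rec in "$SAMPLE_DENIED" "$SAMPLE_OTHER"; do
    verdict=$(classify_avc "$rec")
    echo "$verdict"
    case "$verdict" in
        label-mismatch:*) echo "  relabel: chcon -R -t svirt_sandbox_file_t /your/host/path" ;;
    esac
done
```

On a real host, records like these come from `ausearch -m avc` or /var/log/audit/audit.log, and can be passed to `classify_avc` one line at a time.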
