Permission denied within mounted volume inside Podman container
Problem
I am starting to learn about containers using `podman` that came with RHEL8.1 (which AFAIK can be used in place of `docker`), and have the following baby `Dockerfile` as a learning exercise:

```
# Use Alpine Linux base image
FROM alpine:latest
# Install packages
RUN apk --no-cache add bash gcc make
# Make a directory for source code
RUN mkdir /src_dir
# Set working directory to the same directory
WORKDIR /src_dir
# Set this directory as a volume
VOLUME [ "/src_dir" ]
```

As you can see, I've installed the most basic `gcc` and `make` into this container with the goal of mounting a set of source files on my container host into the `/src_dir` directory within the container.

I next build the container image in the host directory containing the `Dockerfile`:

```
podman build -t my_image .
```

I then start the container with this command:

```
podman run -it -v /host/foobar:/src_dir /bin/bash
```

Where `/host/foobar/` on my host is an arbitrary directory containing some arbitrary source code, all of which my local user on the host has full read/write access to. For example, there is one file `/host/foobar/test.c`. This then brings me to a bash prompt inside the container. I can see that I'm at the correct place because:

```
bash-5.0# pwd
/src_dir
```

However, I have absolutely no read/write access to `/src_dir`. Both `ls -lh` and `cat test.c` gave me permission denied errors. If I change to the root directory (or any other directory) of the container, I can see and access other things. Strangely, if I run `ls -lh /` I can see `/src_dir` as being owned by `root:root`, so I don't understand why as the container's root user I can't access anything in it.

I also tried `podman inspect [container ID]`, and in the output I can see:

```
...
"Mounts": [
    {
        "Type": "bind",
        "Name": "",
        "Source": "/host/foobar",
        "Destination": "/src_dir",
        "Driver": "",
        "Mode": "",
```
Solution
Thanks to the people here, the solution is quite simple (but not obvious):
My GNU/Linux container host has SELinux activated, and that's why I was having permissions problems. The solution is to simply append a `:z` to the `podman run` volume argument so that this:

```
podman run -it -v /host/foobar:/src_dir /bin/bash
```

becomes this:

```
podman run -it -v /host/foobar:/src_dir:z /bin/bash
```

That's it.
Context
StackExchange DevOps Q#11267, answer score: 20
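
An added example, not part of the original question or answer: a small shell check that decides from the host's SELinux mode, the source directory's security context and the `-v` argument whether the container will hit the denial described above. The function names and the sample contexts in the comments are constructed for illustration; the check also accepts `:Z` (private label), which the answer does not mention.

```shell
#!/bin/sh
# Added example; these function names are hypothetical, not part of podman.

# A context reads user:role:type:level. The type is the third field.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# The level is everything after the third colon, e.g. "s0" or "s0:c12,c34".
selinux_level() { printf '%s\n' "$1" | cut -d: -f4-; }

# Succeeds if a SRC:DEST[:OPTS] volume spec asks podman to relabel (z or Z).
has_relabel_opt() {
    case "$1" in
        *:*:*) opts=${1##*:} ;;      # text after the last colon is OPTS
        *)     return 1 ;;           # only SRC:DEST, no options at all
    esac
    case ",$opts," in
        *,z,*|*,Z,*) return 0 ;;     # may be combined, e.g. "ro,z"
    esac
    return 1
}

# check_mount MODE CONTEXT VOLSPEC: prints a verdict, returns 1 on expected denial.
check_mount() {
    mode=$1; ctx=$2; spec=$3
    if [ "$mode" != "Enforcing" ]; then
        echo "ok: SELinux is $mode, labels are not enforced"; return 0
    fi
    if has_relabel_opt "$spec"; then
        echo "ok: podman relabels the source before mounting"; return 0
    fi
    # container_file_t at plain s0 is the shared label that :z applies
    if [ "$(selinux_type "$ctx")" = "container_file_t" ] &&
       [ "$(selinux_level "$ctx")" = "s0" ]; then
        echo "ok: source already carries the shared container label"; return 0
    fi
    echo "denied: label '$ctx' does not match the container; add :z"
    return 1
}

# Live use on a host (needs getenforce and GNU stat), e.g.
#   diagnose_host /host/foobar:/src_dir
diagnose_host() {
    host_mode=$(getenforce 2>/dev/null) || host_mode=Disabled
    host_ctx=$(stat -c %C "${1%%:*}" 2>/dev/null) || host_ctx=""
    check_mount "$host_mode" "$host_ctx" "$1"
}
# Constructed sample: check_mount Enforcing 'unconfined_u:object_r:default_t:s0' '/host/foobar:/src_dir'
```

`:z` rewrites the label of everything under the source directory on the host, so point it at a project directory rather than a home or system directory.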