HiveBrain v1.2.0
Get Started
← Back to all entries
patternMajor

Permission denied within mounted volume inside Podman container

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
mountedcontainerpermissiondeniedwithinpodmanvolumeinside

Problem

I am starting to learn about containers using podman that came with RHEL8.1 (which AFAIK can be used in place of docker), and have the following baby Dockerfile as a learning exercise:

# Use Alpine Linux base image
FROM alpine:latest

# Install pacakges
RUN apk --no-cache add bash gcc make

# Make a directory for source code
RUN mkdir /src_dir

# Set working directory to the same directory
WORKDIR /src_dir

# Set this directory as a volume
VOLUME [ "/src_dir" ]


As you can see, I've installed the most basic gcc and make into this container with the goal of mounting a set of source files on my container host into the /src_dir directory within the container.

I next build the container image in the host directory containing the Dockerfile:

podman build -t my_image .


I then start the container with this command

podman run -it -v /host/foobar:/src_dir /bin/bash


Where /host/foobar/ on my host is an arbitrary directory containing some arbitrary source code, all of which my local user on the host has full read/write access to. For example, there is one file /host/foobar/test.c. This then brings me to a bash prompt inside the container. I can see that I'm at the correct place because:

bash-5.0# pwd
/src_dir


However, I have absolutely no read/write access to /src_dir. Both ls -lh and cat test.c gave me permission denied errors. If I change to the root directory (or any other directory) of the container, I can see and access other things. Strangely, if I run ls -lh / I can see /src_dir as being owned by root:root, so I don't understand why as the container's root user I can't access anything in it.

I also tried podman inspect [container ID], and in the output I can see:

```
...
"Mounts": [
{
"Type": "bind",
"Name": "",
"Source": "/host/foobar",
"Destination": "/src_dir",
"Driver": "",
"Mode": "",

Solution

Thanks to the people here, the solution is quite simple (but not obvious):

My GNU/Linux container host has SELinux activated, and that's why I was having permissions problems. The solution is to simply append a :z to the podman run volume argument so that this:

podman run -it -v /host/foobar:/src_dir /bin/bash

becomes this:

podman run -it -v /host/foobar:/src_dir:z /bin/bash

That's it.

Context

StackExchange DevOps Q#11267, answer score: 20

Revisions (0)

No revisions yet.