Running docker on Ubuntu: mounted host volume is not writable from container


Solution 1

If your uid on the host (id -u) isn't the same as the uid of the user in the docker container (often "docker") then you can have this problem. You can try:

  1. Making the UIDs the same between your user and the user in the docker container.
  2. Setting the group permissions on the directory to be writable for a group that both you and docker belong to.
  3. You could also use the nuclear option:

chmod a+rwx -R project-dir/

The nuclear option will make your git workspace filthy, which will annoy you greatly, so isn't the best long-term solution. It stops the bleeding tho.

To understand the problem further, you might find these useful:

  1. https://github.com/docker/docker/issues/7906
  2. https://github.com/docker/docker/issues/7198
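
The uid/gid comparison behind the three options in Solution 1, as an added example that is not part of the original answer: it reads the owner, group and mode of a host directory and reports which permission class (owner, group or other) the container's user falls into and whether that class can create files there. The function names `dac_write` and `check_bind_mount` are hypothetical, and the check assumes a single gid and covers only classic permission bits, not SELinux labels, ACLs or user-namespace remapping.

```shell
#!/bin/sh
# Added example (hypothetical helper names): classic Unix permission bits only.
# Not covered: SELinux labels, ACLs, user-namespace remapping, extra groups.

# dac_write OWNER_UID OWNER_GID OCTAL_MODE PROC_UID PROC_GID
# Prints "<class>:<verdict>" for creating files in a directory.
dac_write() {
    o_uid=$1; o_gid=$2; mode=$3; p_uid=$4; p_gid=$5
    if [ "$p_uid" -eq 0 ]; then
        echo "root:writable"            # uid 0 bypasses the permission bits
        return 0
    fi
    # Keep the last three octal digits (drops setuid/setgid/sticky).
    perms=000$mode
    perms=${perms#"${perms%???}"}
    u=${perms%??}; rest=${perms#?}; g=${rest%?}; o=${perms#??}
    # Exactly one class applies: owner first, then group, then other.
    if [ "$p_uid" -eq "$o_uid" ]; then
        class=owner; bits=$u
    elif [ "$p_gid" -eq "$o_gid" ]; then
        class=group; bits=$g
    else
        class=other; bits=$o
    fi
    # Creating an entry in a directory needs write (2) and search (1).
    if [ $(( bits & 3 )) -eq 3 ]; then
        echo "$class:writable"
    else
        echo "$class:denied"
    fi
}

# check_bind_mount DIR PROC_UID PROC_GID   (GNU stat, as shipped on Ubuntu)
check_bind_mount() {
    st=$(stat -c '%u %g %a' "$1") || return 1
    # Intentional word splitting: $st is "uid gid mode".
    # shellcheck disable=SC2086
    dac_write $st "$2" "$3"
}

# Usage: sh check.sh ./api 1000 1000
# (the two numbers are what `id -u` and `id -g` print inside the container)
if [ $# -eq 3 ]; then
    check_bind_mount "$1" "$2" "$3"
fi
```

A result of `other:denied` is the uid mismatch described above. A result of `other:writable` means every local account can write to the directory too, which is the state `chmod a+rwx` leaves behind.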

Solution 2

New answer:

This question seems to have a lot of traffic and there is a better solution available now: fixuid. As the name suggests, it's a magic executable to change the container user's uid & gid on container startup (using -u somebody:somebody).

For a more in-depth explanation see: https://boxboat.com/2017/07/25/fixuid-change-docker-container-uid-gid/


Old answer:

As of docker version 1.7 you have the option to mount a host directory with permissions to a container using the :Z or :z flags like so:

docker run -v ./api:/usr/src/app:Z

  • :z - will add permissions to all containers using label 'svirt_sandbox_file_t'
  • :Z - will add permissions only to the current container label

As of docker-compose v1.4.0, you can use it in docker compose like this:

volumes:
   - ./api:/usr/src/app:Z

Although I should add I still have some problems with this (see Adding permissions to host directory with docker-compose).

References:

Using Volumes with Docker can Cause Problems with SELinux - http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/

Docker user guide - https://docs.docker.com/engine/userguide/dockervolumes/#volume-labels

Docker-compose release notes for v1.4.0 - https://github.com/docker/compose/releases/tag/1.4.0

Author by

Hans de Wit


Updated on July 22, 2022

Comments

  • Hans de Wit almost 2 years

    Docker works great on a Mac for me, but I have to run docker host inside of a VirtualBox (or Parallels, or VMWare Fusion), since Mac's kernel doesn't support docker.

    So I tried to set up my application and a docker-compose on an Ubuntu Desktop - natively, where both docker client and docker host run physically on the same system. This worked, but my running docker containers can't write into a mounted host volume.

    I use docker-compose with the following settings:

    volumes:
       - ./api:/usr/src/app
    

    So I'm mounting the "api" directory of the host Ubuntu OS into docker container under /usr/src/app.

    docker inspect <container ID> shows that the volume is writable

    "Destination": "/usr/src/app",
    "Mode": "rw",
    "RW": true
    

    However, it is not: I get permission denied when I try to create a directory or edit a file from within the docker container.

    I googled for this issue, of course, and I came across a few SELinux issues of CentOS/RHEL, but I'm running Ubuntu 15.10, 64 bit edition, not CentOS.