Running docker on Ubuntu: mounted host volume is not writable from container
Solution 1
If your uid
on the host (id -u
) isn't the same as the uid
of the user in the docker container (often "docker") then you can have this problem. You can try:
- Making the UIDs the same between your user and the user in the docker container.
- Setting the group permissions on the directory to be writable for a group that both you and docker belong to.
- You could also use the nuclear option:
chmod a+rwx -R project-dir/
The nuclear option will make your git
workspace filthy, which will annoy you greatly, so isn't the best long-term solution. It stops the bleeding tho.
For further understanding the problem, you might find these useful:
Solution 2
New answer:
This questions seems to have a lot of traffic and there is better solution available now - fixuid, as the name suggests it's a magic executable to change the container user's uid & gid on container startup (using -u somebody:somebody).
For a more in dept explanation see: https://boxboat.com/2017/07/25/fixuid-change-docker-container-uid-gid/
Old answer:
As of docker version 1.7 you have the option to mount a host directory with permissions to a container using the :Z or :z flags like so:
docker run -v ./api:/usr/src/app:Z
- :z - will add permissions to all containers using label 'svirt_sandbox_file_t'
- :Z - will add permissions only to the current container label
As of docker-compose v1.4.0, you can use it in docker compose like this:
volumes:
- ./api:/usr/src/app:Z
Although I should add I still have some problems with this (see Adding permissions to host directory with docker-compose).
References:
Using Volumes with Docker can Cause Problems with SELinux - http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/
Docker user guide - https://docs.docker.com/engine/userguide/dockervolumes/#volume-labels
Docker-compose release notes for v1.4.0 - https://github.com/docker/compose/releases/tag/1.4.0
Hans de Wit
TL;DR: I can't complain :) I lead teams of Ruby on Rails and ReactJS developers. I feel very lucky to be at the very start of the Decisely's software division: from 1st line of code to the deployed suite of applications that help make Decisely and its wonderful people successful at their jobs. Being able to build a team of great software engineers from scratch is a privilege. https://twitter.com/ashovik https://github.com/alex-kovshovik https://shovik.com https://vindeals.ca/about
Updated on July 22, 2022Comments
-
Hans de Wit almost 2 years
Docker works great on a Mac for me, but I have to run docker host inside of a VirtualBox (or Parallels, or VMWare Fusion), since Mac's kernel doesn't support docker.
So I tried to setup my application and a docker-compose on an Ubuntu Desktop - natively, where both docker client and docker host run physically on the same system. This worked, but my running docker containers can't write into a mounted host volume.
I use docker-compose with the following settings:
volumes: - ./api:/usr/src/app
So I'm mounting the "api" directory of the host Ubuntu OS into docker container under /usr/src/app.
docker inspect <container ID>
shows that the volume is writable"Destination": "/usr/src/app", "Mode": "rw", "RW": true
However it is not: I get
permission denied
when I try to create a directory or edit a file from within the docker container.I googled for this issue, of course, and I came across a few SELinux issues of CentOS/RHEL, but I'm running Ubuntu 15.10, 64 bit edition, not CentOS.