1

This only happens with docker inside minikube operating on host using minikube docker eval (minikube docker-env)

Trying to build a basic setup with Nginx serving a single file:

conf.d/example.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name localhost;
  location /file.json { root /data/; }
}

data/file.json

{"a": 1}

Run using docker nginx image:

docker run -it --rm -v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro -p 8085:80 nginx

curl http://localhost/file.json gives me 2017/02/01 19:07:39 [error] 6#6: *1 open() "/data/file.json" failed (13: Permission denied)...

Cannot figure out how to make this right... Help wanted!

What I've tried so far:

  1. providing a custom command like chmod -R o+x /data && ls -la data && nginx -g "daemon off;" -rwxrwx--- 1 root 1013 11 Feb 1 13:08 /data/file.json chmod does not seem to work properly. neither chown :( $ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'chown -R nginx:nginx /data/ && ls -la /data/ && nginx -g daemon off;"' total 8 drwxrwx--- 1 root 1013 102 Feb 1 13:08 . drwxr-xr-x 1 root root 4096 Feb 1 19:50 .. -rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json

  2. setting a docker user to nginx

  3. chmod -R 777 data on host $ ls -la data drwxrwxrwx 3 antonk staff 102 Feb 1 17:08 data $ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'ls -la /data/ && nginx -g "daemon off;"' total 8 drwxrwx--- 1 root 1013 102 Feb 1 13:08 . drwxr-xr-x 1 root root 4096 Feb 1 20:20 .. -rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json

    $ docker version Client: Version: 1.13.1-rc1 API version: 1.23 Go version: go1.7.4 Git commit: 2527cfc Built: Sat Jan 28 00:43:00 2017 OS/Arch: darwin/amd64

    Server: Version: 1.11.1 API version: 1.23 (minimum version ) Go version: go1.5.4 Git commit: 5604cbe Built: Wed Apr 27 00:34:20 2016 OS/Arch: linux/amd64 Experimental: false

    minikube version: v0.15.0

https://github.com/kubernetes/minikube/issues/1067

melekes
  • 1,880
  • 2
  • 24
  • 30
  • Are you running this under the /Users folder? Please include a long listing of the directory on both your host and inside the container after you ran the chmod on the host. – BMitch Feb 01 '17 at 19:48
  • Yes, /Users/... on my Mac – melekes Feb 01 '17 at 20:00
  • All of the output you've provided is running the command inside a container. Where is the output from running the command on your host, without any docker command? – BMitch Feb 01 '17 at 20:17
  • What does `echo $(PWD)` output? – BMitch Feb 01 '17 at 20:34
  • /Users/antonk/... – melekes Feb 01 '17 at 20:39
  • Fixed by upgrading to the newer image (`minikube start --iso-url=https://storage.googleapis.com/minikube/iso/minikube-v1.0.5.iso`). See the issue for details – melekes Feb 01 '17 at 21:52

1 Answers1

1

When you map directories from the host directly into your container with volume mounts like these:

docker run -it --rm \
  -v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro \
  -p 8085:80 nginx

The files are mounted directly in with the same uid's and file permissions you have on your host. Most likely your UID/GID on your host does not match those used inside the container. So if the files are not publicly readable on your host, they will not be readable inside the container. You can work around this with the following on your host:

chmod o+rx data && chmod o+r data/file.json
BMitch
  • 231,797
  • 42
  • 475
  • 450
  • 1
    no luck both on host and docker sides `docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'chmod -R 777 /data/ && ls -la /data/file.json && nginx -g "daemon off;"' -rwxrwx--- 1 root 1013 11 Feb 1 13:08 /data/file.json` chmod does not seem to work properly – melekes Feb 01 '17 at 19:39
  • Did you actually run the command on the host? Since you mounted the volume RO, there's no way to modify it in the container. – BMitch Feb 01 '17 at 19:40
  • notice `-v "$(PWD)/data:/data"` do not have `ro` flag in my comment – melekes Feb 01 '17 at 19:44
  • I totally forgot about minikube context https://github.com/kubernetes/minikube, sorry. Docker on my Mac works fine! I think this is a minikube issue. Thank you for your help! – melekes Feb 01 '17 at 20:35
  • Yeah, minikube is a completely different question. I'm not sure if they even support host volumes or if they share any folders from MacOS into their embedded VM. – BMitch Feb 01 '17 at 20:59