7

I am new to Docker and trying to create a Dockerfile from a SLES 15 base image:

```
FROM <base image - SLES 15 >

LABEL <label> \
    Version="1.0"
```

In docker-compose.yml, I have mentioned:

```
working_dir: $PWD
volumes:
      - $PWD/../../:$PWD/../../
```

When I start the Docker container, I am not able to access any file or directory, and I get the following error:

```
ls: cannot access '<directory/file name>': Operation not permitted
total 0
d????????? ? ? ? ?            ? <directory-name>
```

I tried the possible solutions that were suggested, like:

  1. Setting file permissions with chown/chmod
  2. Disabling SELinux

Any idea about the root cause of this issue and a possible solution?

Similar issue from Stack Overflow: No access rights in Docker Container when using SLES15 and *Suse Container

Noam Yizraeli
Mangesh Patil
  • If following on the thread you've linked to, have you tried doing a similar operation on another distro image, like Debian? – Noam Yizraeli Jan 14 '22 at 18:25
  • I did try with a CentOS7-based image and didn't see any issue there. I could access files/directories using "ls -n" with no permission issue. – Mangesh Patil Jan 14 '22 at 21:29
  • Maybe it's a user permission issue? Try using the `id` command with each image to see what user you are running as in them. – Noam Yizraeli Jan 15 '22 at 09:04
  • I did try permission settings using chown/chmod. I have verified that `id` (user and group) is 0 and the user is root inside the container. I also tried to set it specific to the user group of my local machine, where I am trying to run the container. I am still getting `ls: cannot access '': Operation not permitted` when trying `ls -n` or `ls -l`. – Mangesh Patil Jan 19 '22 at 03:18
  • I tried to start the container with the same UID and GID as the host machine: 'docker-compose run --user 1000:1000 bash'. Even with this, I am facing the same issue. – Mangesh Patil Jan 20 '22 at 17:59
  • Maybe try with `--privileged` and `-u 0`? – Noam Yizraeli Jan 21 '22 at 08:34
  • I updated my Dockerfile: `RUN useradd -ms /bin/bash -u 1000 -U dockerbuilduser && \ echo "dockerbuilduser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/dockerbuilduser && \ mkdir /home/dockerbuilduser/.gradle && \ chown 1000:1000 /home/dockerbuilduser && \ chmod 777 -R /home/dockerbuilduser && \ chmod 0400 /etc/sudoers.d/dockerbuilduser USER dockerbuilduser`. I created a user with the same UID as the host machine user and also assigned ownership. Still, when I do `cd /home/dockerbuilduser` and then `ls -l`, I get the permission error. I get the same error for a newly created folder as well. – Mangesh Patil Jan 21 '22 at 17:43
  • 1
    Yes, after running the container with the `--privileged` flag, I could run `ls -l` without a permission error. However, as per my understanding, it is not recommended to use privileged containers. How can I solve this issue without a privileged container? – Mangesh Patil Jan 21 '22 at 17:49
  • That's good progress! To what user\privileges did it achieve? Have you tried changing ownership to `nobody:nogroup`? Do you have a requirement to use this exact distro? – Noam Yizraeli Jan 22 '22 at 09:56
  • Yes. For privileged mode - When I don't add any user in Dockerfile, It defaults to root with output as `drwxrwxrwx 1 0 0 27 Jan 24 17:24 ` ( i.e. uid and gid as 0 and user as root ) . If I add dockerbuilduser then it's `drwxrwxrwx 1 1000 1000 27 Jan 24 17:24 ` ( i.e. uid and gid as 1000 and user as dockerbuilduser). Sorry I didn't understand your point about changing ownership to `nobody:nogroup`. Yes I have requirement to use this exact distro. – Mangesh Patil Jan 24 '22 at 17:55
  • with the `dockerbuilduser` user, did it work? – Noam Yizraeli Jan 25 '22 at 13:18
  • 1
    I could deduce the possible issue today. Actually, it was my mistake to try running a SLES-based Docker container on a CentOS-based host machine. That was the reason for the permission issue. When I use a SLES-based host machine, there are no permission issues. Sorry for the confusion. Thanks, Noam, for all your inputs. They helped me to understand the Docker concepts. – Mangesh Patil Jan 25 '22 at 20:10
  • Could you elaborate on the difference in permissions? Why would the two contradict if both are based on the Linux kernel? Please add this to the final answer. – Noam Yizraeli Jan 26 '22 at 12:09
  • See response https://stackoverflow.com/a/71647888/6747280 : update libseccomp on host to at least 2.5.2. – Labo RMIB Mar 28 '22 at 14:22

2 Answers

2

I was getting permission issues because I was running a SLES-based Docker container on a CentOS-based host machine. If I use a SLES-based host machine, I can run the container without any permission issue.

Mangesh Patil
0

In my case, I fixed it by upgrading Docker to the latest version.

reference link.

yu yang Jian
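
The last comment on the question points at the host's libseccomp version (at least 2.5.2), and `--privileged`, which made `ls -l` work, also turns off the container's seccomp filter. The script below is an added example, not part of the thread: it compares a libseccomp package version with that minimum. The function names, the script name and the `--host` switch are assumptions of this example, and seccomp as the cause is taken from that comment, not confirmed by the asker.

```shell
#!/bin/sh
# Added example, not from the thread: compare a host's libseccomp version
# with the minimum named in the thread's last comment.
MIN_LIBSECCOMP=2.5.2

# version_ge A B: succeed when dotted numeric version A is >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# upstream_version V: strip an epoch ("1:") and a release suffix ("-4.el7").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# assess V: print "ok" or "outdated" for a libseccomp package version.
assess() {
    if version_ge "$(upstream_version "$1")" "$MIN_LIBSECCOMP"; then
        echo ok
    else
        echo outdated
    fi
}

# host_libseccomp: print the installed version (rpm- or dpkg-based hosts).
host_libseccomp() {
    for p in libseccomp libseccomp2; do
        v=$(rpm -q --qf '%{VERSION}\n' "$p" 2>/dev/null) && { echo "$v"; return 0; }
        v=$(dpkg-query -W -f='${Version}\n' "$p" 2>/dev/null) && [ -n "$v" ] &&
            { echo "$v"; return 0; }
    done
    return 1
}

# Query the real host only when asked:  sh check-seccomp.sh --host
if [ "${1:-}" = "--host" ]; then
    hv=$(host_libseccomp) && echo "libseccomp $hv: $(assess "$hv")" ||
        echo "libseccomp not found via rpm or dpkg-query"
    echo "compare: docker run --rm --security-opt seccomp=unconfined <image> ls -l /"
fi
```

The `seccomp=unconfined` run printed at the end is a one-off diagnostic that changes only the seccomp profile, which is narrower than `--privileged`; `<image>` is a placeholder, and the setting is not meant to be kept once the host packages are updated.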