I’m having trouble understanding how to get the LSIO image volumes to mount and not give permissions errors.
Here are the steps to reproduce the problem I’m encountering.
- Create a directory on the host to use as a volume on the LSIO guest
mkdir /var/local/dockertest
- Chown the directory to a UID that we want to use
chown 3000:3000 /var/local/dockertest
- Run an LSIO image, in this case just the alpine base image
docker run \
  --env PUID=3000 \
  --env PGID=3000 \
  --mount type=bind,src=/var/local/dockertest,dst=/config \
  ghcr.io/linuxserver/baseimage-alpine:3.13 \
  uname
This should spawn a docker container, map the /var/local/dockertest directory on the host to the /config directory in the container, run uname and exit.
When I run this though the container spawns and shows this output
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 3000
User gid: 3000
-------------------------------------
chown: changing ownership of '/config': Operation not permitted
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Linux
[cmd] uname exited 0
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
Note the error
chown: changing ownership of '/config': Operation not permitted
This happens if I
- chown /var/local/dockertest to root
- chmod /var/local/dockertest to 777
- remove --env PUID=3000 --env PGID=3000 from docker run
If I go into the container and look at the /config directory, it’s owned by nobody:nobody.
The only thing that prevents this permission issue that I’ve found is if I don’t mount the volume. This works and doesn’t give the permission error.
docker run ghcr.io/linuxserver/baseimage-alpine:3.13 uname
How is this meant to work? How does one take advantage of the /config mountable volume and the PUID/PGID environment variables?
My goal is to be able to run an s6 managed process in the LSIO container as a UID of say 3000 and then have a directory on the host that’s also owned by UID 3000 and mount it to /config.
Thanks in advance for any guidance on how I’m thinking about this wrong.
This is on Docker 20.10.5 on Ubuntu 20.04
Update
Attempting this same sequence on an Ubuntu 18.04 installation running the same version of docker, Docker 20.10.5, does not reproduce the problem.
- I’ve tried disabling Apparmor but that doesn’t resolve the issue
- On both hosts I have /etc/subuid and /etc/subgid files created for isolating containers with a user namespace which may be affecting things. I’ll explore this.
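
One way to test the user-namespace hypothesis from the update, as an added example that is not part of the original post: translate UID 3000 through an ID map in the format of /proc/<pid>/uid_map. The function names and both sample maps are constructed for illustration; the remap range starting at 100000 is an assumption, not a value from this host.

```shell
#!/bin/sh
# Added example (not from the original post): translate IDs across a
# user-namespace ID map. Each map line, as in /proc/<pid>/uid_map, reads:
#   <first ID inside namespace> <first ID on host> <range length>

# Constructed sample: map of a container whose root is remapped to host ID 100000.
SAMPLE_MAP='         0     100000      65536'
# Constructed sample: identity map seen when no remapping is in effect.
IDENTITY_MAP='         0          0 4294967295'

# to_host MAP ID: host ID that backs an in-container ID, or "unmapped".
to_host() {
    printf '%s\n' "$1" | awk -v id="$2" '
        BEGIN { id += 0 }
        NF == 3 && id >= $1 + 0 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# to_container MAP ID: in-container ID that a host ID appears as, or "unmapped".
# An unmapped owner is shown inside the namespace as the overflow ID
# (65534, usually named nobody), and chown on such a file is refused.
to_container() {
    printf '%s\n' "$1" | awk -v id="$2" '
        BEGIN { id += 0 }
        NF == 3 && id >= $2 + 0 && id < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# Demo on the constructed maps. Inside a running container, pass the real
# map instead: to_container "$(cat /proc/self/uid_map)" 3000
echo "remapped: host UID 3000 appears in container as: $(to_container "$SAMPLE_MAP" 3000)"
echo "remapped: container UID 3000 is host UID:        $(to_host "$SAMPLE_MAP" 3000)"
echo "identity: host UID 3000 appears in container as: $(to_container "$IDENTITY_MAP" 3000)"
```

If host UID 3000 comes back unmapped for the real map, the bind-mounted directory would have to be owned on the host by whatever to_host reports for container UID 3000 (103000 in the constructed map) for PUID=3000 to own /config.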