在过去的几天里,我在构建或运行 docker 容器时遇到了一些问题。
似乎root没有访问文件系统的权限。
例如。我创建了这个非常简单的 Dockerfile
FROM centos
RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate
当我尝试构建图像时出现错误
Step 1/2 : FROM centos
---> 470671670cac
Step 2/2 : RUN id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate
---> Running in f7b32a009a74
uid=0(root) gid=0(root) groups=0(root)
-rwxr-xr-x 1 root root 1954 Dec 19 15:43 /usr/bin/dnf-3
lrwxrwxrwx 1 root root 5 Dec 19 15:43 /usr/bin/yum -> dnf-3
/usr/libexec/platform-python: can't open file '/usr/bin/yum': [Errno 13] Permission denied
The command '/bin/sh -c id && ls -l /usr/bin/yum /usr/bin/dnf-3 && yum install mlocate' returned a non-zero code: 2
这个问题似乎更普遍,因为即使使用 ubuntu 或 alpine 我也会遇到类似的错误,所以我怀疑与 Ubuntu 有关。
在我可以毫无问题地执行任何任务之前考虑一下。
我已经尝试添加功能并停止 apparmor,但它没有任何效果。
码头工人信息
Client:
Debug Mode: false
Server:
Containers: 18
Running: 0
Paused: 0
Stopped: 18
Images: 20
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version:
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.4.0-31-generic
Operating System: Ubuntu Core 16
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 7.475GiB
Name: gurdulu-xps
ID: E5JA:3WKI:JWFQ:M5J2:CAZ7:VVKI:2ADB:3W7W:F3F4:VYXZ:7JLP:R7C4
Docker Root Dir: /var/snap/docker/common/var-lib-docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support