原文链接:http://blog.csdn.net/rznice/article/details/52170085

Docker挂载主机目录,访问相应的文件出现Premission denied的权限访问问题,

[root@localhost soft]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos    7.2.1511            686672a1d0cc        5 weeks ago  
//将主机上的/soft目录挂载到docker的/soft目录,前面的是主机目录,后面的是docker的目录。 
docker run -i -t -v /soft:/soft 686672a1d0cc /bin/bash
 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5

挂载后,查看相应的文件出现如下的提示:

[root@ba471da26d07 soft]# ls
ls: cannot access jdk-8u102-linux-x64.tar.gz: Permission denied
hadoop-2.7.2.tar.gz  jdk-8u102-linux-x64.tar.gz
 
 
  • 1
  • 2
  • 3
  • 1
  • 2
  • 3
   问题原因及解决办法
   原因是CentOS7中的安全模块selinux把权限禁掉了,至少有以下三种方式解决挂载的目录没有权限的问题:
   1.在运行容器的时候,给容器加特权,及加上 --privileged=true 参数:
   docker run -i -t -v /soft:/soft --privileged=true 686672a1d0cc /bin/bash
   2.临时关闭selinux:
   setenforce 0
   3.添加selinux规则,改变要挂载的目录的安全性文本
# 更改安全性文本的格式如下
chcon [-R] [-t type] [-u user] [-r role] 文件或者目录

选顷不参数: 
-R  :连同该目录下癿次目录也同时修改; 
-t  :后面接安全性本文的类型字段!例如 httpd_sys_content_t ; 
-u  :后面接身份识别,例如 system_u; 
-r  :后面街觇色,例如 system_r

[root@localhost Desktop]# chcon --help
Usage: chcon [OPTION]... CONTEXT FILE...
  or:  chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
  or:  chcon [OPTION]... --reference=RFILE FILE...
Change the SELinux security context of each FILE to CONTEXT.
With --reference, change the security context of each FILE to that of RFILE.

Mandatory arguments to long options are mandatory for short options too.
      --dereference      affect the referent of each symbolic link (this is
                         the default), rather than the symbolic link itself
  -h, --no-dereference   affect symbolic links instead of any referenced file
  -u, --user=USER        set user USER in the target security context
  -r, --role=ROLE        set role ROLE in the target security context
  -t, --type=TYPE        set type TYPE in the target security context
  -l, --range=RANGE      set range RANGE in the target security context
      --no-preserve-root  do not treat '/' specially (the default)
      --preserve-root    fail to operate recursively on '/'
      --reference=RFILE  use RFILE's security context rather than specifying
                         a CONTEXT value
  -R, --recursive        operate on files and directories recursively
  -v, --verbose          output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R
option is also specified.  If more than one is specified, only the final
one takes effect.

  -H                     if a command line argument is a symbolic link
                         to a directory, traverse it
  -L                     traverse every symbolic link to a directory
                         encountered
  -P                     do not traverse any symbolic links (default)

      --help     display this help and exit
      --version  output version information and exit

GNU coreutils online help: <http://www.gnu.org/software/coreutils/>
For complete documentation, run: info coreutils 'chcon invocation'

 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47

在主机中修改/soft目录的安全性文档

[root@localhost Desktop]# chcon -Rt svirt_sandbox_file_t /soft

[root@ba471da26d07 soft]# ll
total 384264
-rw-r--r--. 1 root root 212046774 Aug  8 10:01 hadoop-2.7.2.tar.gz
-rw-r--r--. 1 root root 181435897 Aug  8 09:23 jdk-8u102-linux-x64.tar.gz

 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7

docker中就可以正常访问该目录下的相关资源了。

也可以参考以下链接: 
https://yq.aliyun.com/articles/53990

Logo

权威|前沿|技术|干货|国内首个API全生命周期开发者社区

更多推荐