It seems that symlinks to socket is not correctly handled by docker run.
The problem:
I'm trying to use rootless docker. The socket to connect to docker is
/run/user/1000/docker.sock.
But I need to use a docker-compose file where a traefik container is run with a volume mapping to give access to /var/run/docker.sock from inside the container. I can't modify this docker-compose file.
To make it work, I tried to do a symlink /var/run/docker.sock > /run/user/1000/docker.socket. It works fine on my host machine, I can talk to the rootless docker using this socket but when running the container, the /var/run/docker.sock file is not a socket but a directory.
How to reproduce:
To reproduce the problem with docker run:
sudo ln -s /run/user/1000/docker.sock /var/run/docker.sock
sudo docker run -v /run/user/1000/docker.sock:/var/run/docker-user.sock -v /var/run/docker.sock:/var/run/docker.sock -it traefik /bin/sh
Inside the traefik container:
/ # ls -al /var/run/
total 0
drwxr-xr-x 1 root root 54 Dec 13 17:23 .
drwxr-xr-x 1 root root 134 Dec 13 17:23 ..
srw-rw---T 1 root 974 0 Dec 13 15:06 docker-user.sock
drwxr-xr-x 2 root root 40 Dec 13 15:09 docker.sock
Thanks for the help :)
Related
I've got Windows system with Alpine WSL2 integration, and cannot run docker-compose under it. Here is log of my actions in WSL2:
ZHOPOZAVR:~# docker -v
Docker version 20.10.16, build aa7e414fdcb23a66e8fabbef0a560ef1769eace5
ZHOPOZAVR:~# docker-compose -v
/mnt/c/Program Files/Docker/Docker/resources/bin/docker-compose: line 13: /usr/bin/docker-compose: not found
ZHOPOZAVR:~# ls -al /usr/bin | grep docker-compose
lrwxrwxrwx 1 root root 56 Jan 13 05:41 docker-compose -> /mnt/wsl/docker-desktop/cli-tools/usr/bin/docker-compose
lrwxrwxrwx 1 root root 59 Jan 13 05:41 docker-compose-v1 -> /mnt/wsl/docker-desktop/cli-tools/usr/bin/docker-compose-v1
ZHOPOZAVR:~# /usr/bin/docker-compose -v
-ash: /usr/bin/docker-compose: not found
WSL2 integration is enabled in my Docker Desktop:
Turned out that somehow Apline WSL doesn't work with docker-compose. Ubuntu works just fine.
Working on a Mac.
I am trying to run docker in a docker container by mounting docker client and socket like so:
services:
jenkins:
image: ubuntu:latest
container_name: ubuntu
privileged: true
tty: true
volumes:
- ./ubuntu/home:/home
- /usr/local/bin/docker:/usr/bin/docker
- /var/run/docker.sock:/var/run/docker.sock
When I now exec into the container and try to run a docker command, I get this:
➜ test docker exec -it ubuntu /bin/bash
root#c586d6f5fca4:/# which docker
root#c586d6f5fca4:/# docker -h
bash: docker: command not found
root#c586d6f5fca4:/#
Why am I not able to run docker in the container even though the hosts (my Mac) docker client and socket are mounted?
root#c586d6f5fca4:/# ls -la /usr/bin | grep docker
+drwxr-xr-x 2 root root 40 Oct 12 08:49 docker
root#c586d6f5fca4:/var/run# ls -la
total 20
drwxr-xr-x 1 root root 4096 Oct 22 05:54 .
drwxr-xr-x 1 root root 4096 Oct 22 05:54 ..
srwxr-xr-x 1 root root 0 Sep 18 12:38 docker.sock
drwxrwxrwt 2 root root 4096 Oct 3 21:41 lock
drwxr-xr-x 2 root root 4096 Oct 3 21:41 mount
drwxr-xr-x 2 root root 4096 Oct 3 21:44 systemd
The path to docker client on Mac is correct:
➜ ~ which docker
/usr/local/bin/docker
Thanks!
I am trying to learn Docker volumes, and I am using centos:latest as my base image. When I try to run a Docker command, I am unable to access the attached volume inside the container:
Command:
sudo docker run -it --name test -v /home/user/Myhostdir:/mydata centos:latest /bin/bash
Error:
[user#0bd1bb78b1a5 mydata]$ ls
ls: cannot open directory .: Permission denied
When I try to ls to find the folder permission, it says 1001. What's happening, and how can to solve this?
drwxrwxr-x. 2 1001 1001 38 Jun 2 23:12 mydata
My local machine:
[user#xxx07012 Myhostdir]$ pwd
/home/user/Myhostdir
[user#swathi07012 Myhostdir]$ ls -al
total 12
drwxrwxr-x. 2 user user 38 Jun 2 23:12 .
drwx------. 18 user user 4096 Jun 2 23:11 ..
-rw-rw-r--. 1 user user 15 Jun 2 23:12 text.2.txt
-rw-rw-r--. 1 user user 25 Jun 2 23:12 text.txt
This is partially a Docker issue, but mostly an SELinux issue. I am assuming you are running an old 1.x version of Docker.
You have a couple of options. First, you could take a look at this blog post to understand the issue a bit more and possibly use the fix mentioned there.
Or you could just upgrade to a newer version of Docker. I tested mounting a simple volume on Docker version 18.03.1-ce:
docker run -it --name test -v /home/chris/test:/mydata centos:latest /bin/bash
[root#bfec7af20b99 /]# cd mydata/
[root#bfec7af20b99 mydata]# ls
test.txt.txt
[root#bfec7af20b99 mydata]# ls -l
total 0
-rwxr-xr-x 1 root root 0 Jun 3 00:40 test.txt.txt
I'm trying to understand when containers copy preexisting files into a mounted volume on the same directory. For example
FROM ubuntu
RUN mkdir /testdir
RUN echo "Hello world" > /testdir/file.txt
running:
#docker create volume vol
#docker run -dit -v vol:/testdir myimage
#docker exec -it 900444b7ab86 ls -la /testdir
drwxr-xr-x 2 root root 4096 May 11 18:43 .
drwxr-xr-x 1 root root 4096 May 11 18:43 ..
-rw-r--r-- 1 root root 6 May 11 17:53 file.txt
The image for example also has files in:
# docker exec -it 900444b7ab86 ls -la /etc/cron.daily
total 20
drwxr-xr-x 2 root root 4096 Apr 26 21:17 .
drwxr-xr-x 1 root root 4096 May 11 18:43 ..
-rwxr-xr-x 1 root root 1478 Apr 20 10:08 apt-compat
-rwxr-xr-x 1 root root 1176 Nov 2 2017 dpkg
-rwxr-xr-x 1 root root 249 Jan 25 15:09 passwd
But for example when I run it with
docker run -it 900444b7ab81 -v vol:/etc/cron.daily
The directory is now empty..
Why don't the files get copied this time?
#docker run -dit -v vol:/testdir
That is not a valid docker command, there's no image reference included, so there's nothing for docker to run.
docker run -it 900444b7ab81 -v vol:/etc/cron.daily
This will attempt to run the image 900444b7ab81 with the command -v vol:/etc/cron.daily. Before you had a container id with a very similar id, so it's not clear that you aren't trying to do a run with a container id instead of an image id. And the command -v likely doesn't exist inside the container.
The order of these arguments is important, the first thing after the run that isn't an option or arg to the previous option is treated as the image reference. After that reference, anything else passed is a command to run in the container. So if you wanted to mount the volume, you need to move that option before the image id.
I'm trying to understand when containers copy preexisting files into a mounted volume on the same directory.
With named volumes, docker initializes an empty named volume upon creation of the container with the contents of the image at that location. Once the volume has files in it, it will be mapped as is into the container on any subsequent usage, so changes to the image at the same location will not be seen.
I use the following command to run a container:
docker run -it -v /home/:/usr/ ubuntu64 /bin/bash
Then I run a program in the container, the program generates some files in the folder:/usr/ which also appear in /home/ but I can't access the generated files with an error: Permission denied outside the container.
I think this may because the files generated by root in the container but outside the container, the user have no root authority, but how to solve it?
What I want to do is accessing the files generated by the program(installed in the container) outside the container.
You need to use the -u flag
docker run -it -v $PWD:/data -w /data alpine touch nouser.txt
docker run -u `id -u` -it -v $PWD:/data -w /data alpine touch onlyuser.txt
docker run -u `id -u`:`id -g` -it -v $PWD:/data -w /data alpine touch usergroup.txt
Now if you do ls -alh on the host system
$ ls -alh
total 8.0K
drwxrwxr-x 2 vagrant vagrant 4.0K Sep 9 05:22 .
drwxrwxr-x 30 vagrant vagrant 4.0K Sep 9 05:19 ..
-rw-r--r-- 1 root root 0 Sep 9 05:21 nouser.txt
-rw-r--r-- 1 vagrant root 0 Sep 9 05:21 onlyuser.txt
-rw-r--r-- 1 vagrant vagrant 0 Sep 9 05:22 usergroup.txt