为什么docker会提示" Permission denied"备份数据卷时?

时间:2015-05-07 04:01:55

标签: linux ubuntu docker

我正在关注docker document以测试数据卷的备份过程。

以下两个步骤都可以:

docker create -v /dbdata --name dbdata training/postgres /bin/true
docker run -d --volumes-from dbdata --name db1 training/postgres

但备份数据的输出是:

[root@localhost data]# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
tar: /backup/backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
[root@localhost data]# pwd
/root/data
[root@localhost data]# ls -alt
total 4
drwxrwxrwx.  2 root root    6 May  7 21:33 .
drwxrwx-w-. 15 root root 4096 May  7 21:33 ..

我是以root用户身份工作的,为什么它会提示" Permission denied"?

执行debug命令后:

docker run --name ins --volumes-from dbdata -v $(pwd):/backup ubuntu sleep 99999 &
docker inspect ins

输出结果为:

    [{
    "AppArmorProfile": "",
    "Args": [
        "99999"
    ],
    "Config": {
        "AttachStderr": true,
        "AttachStdin": false,
        "AttachStdout": true,
        "Cmd": [
            "sleep",
            "99999"
        ],
        "CpuShares": 0,
        "Cpuset": "",
        "Domainname": "",
        "Entrypoint": null,
        "Env": null,
        "ExposedPorts": null,
        "Hostname": "83e3e1715648",
        "Image": "ubuntu",
        "MacAddress": "",
        "Memory": 0,
        "MemorySwap": 0,
        "NetworkDisabled": false,
        "OnBuild": null,
        "OpenStdin": false,
        "PortSpecs": null,
        "StdinOnce": false,
        "Tty": false,
        "User": "",
        "Volumes": null,
        "WorkingDir": ""
    },
    "Created": "2015-05-08T01:36:35.564512894Z",
    "Driver": "devicemapper",
    "ExecDriver": "native-0.2",
    "ExecIDs": null,
    "HostConfig": {
        "Binds": [
            "/root/data:/backup"
        ],
        "CapAdd": null,
        "CapDrop": null,
        "ContainerIDFile": "",
        "Devices": [],
        "Dns": null,
        "DnsSearch": null,
        "ExtraHosts": null,
        "IpcMode": "",
        "Links": null,
        "LxcConf": [],
        "NetworkMode": "bridge",
        "PidMode": "",
        "PortBindings": {},
        "Privileged": false,
        "PublishAllPorts": false,
        "ReadonlyRootfs": false,
        "RestartPolicy": {
            "MaximumRetryCount": 0,
            "Name": ""
        },
        "SecurityOpt": null,
        "VolumesFrom": [
            "dbdata"
        ]
    },
    "HostnamePath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/hostname",
    "HostsPath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/hosts",
    "Id": "83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362",
    "Image": "07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95",
    "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c414,c650",
    "Name": "/ins",
    "NetworkSettings": {
        "Bridge": "docker0",
        "Gateway": "172.17.42.1",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "IPAddress": "172.17.0.6",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "LinkLocalIPv6Address": "fe80::42:acff:fe11:6",
        "LinkLocalIPv6PrefixLen": 64,
        "MacAddress": "02:42:ac:11:00:06",
        "PortMapping": null,
        "Ports": {}
    },
    "Path": "sleep",
    "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c414,c650",
    "ResolvConfPath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/resolv.conf",
    "RestartCount": 0,
    "State": {
        "Error": "",
        "ExitCode": 0,
        "FinishedAt": "0001-01-01T00:00:00Z",
        "OOMKilled": false,
        "Paused": false,
        "Pid": 3614,
        "Restarting": false,
        "Running": true,
        "StartedAt": "2015-05-08T01:36:36.231389015Z"
    },
    "Volumes": {
        "/backup": "/root/data",
        "/dbdata": "/var/lib/docker/vfs/dir/df0378f15f61c8f2e220421968fe181cdcf1a03613218c716c81477dda4bdf76"
    },
    "VolumesRW": {
        "/backup": true,
        "/dbdata": true
    }
}
]

我也尝试以下命令:

[root@localhost data]# docker run --volumes-from dbdata -v $(pwd):/backup -it ubuntu
root@e59c628417f5:/# ls
backup  bin  boot  dbdata  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@e59c628417f5:/# ls -alt
total 72
......
drwxrwxrwx.   2 root root    6 May  8 01:33 backup
......
root@e59c628417f5:/# ls -alt backup/
ls: cannot open directory backup/: Permission denied

所以我认为根本原因仍然是用户权限。

1 个答案:

答案 0 :(得分:1)

我刚刚尝试了你列出的命令,他们为我工作,无论是在OSX平台还是直接的linux平台上。问题是你将$(pwd)(从您的主机)挂载到/ backup(在ubuntu映像中,上面运行的第三个docker)。

我怀疑当你启动命令时,你所在的目录是不可写的?我试图让它像这样失败:

mkdir failme
chmod 000 failme
cd failme
docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata

但是,它起作用了: - )

所以,我进入了一个不能被root写的目录:

cd /proc
root@kube:/proc# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
tar: /backup/backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now

您是否可能从根目录不可写的目录开始?

请将输出发布到这些命令:首先,运行:

docker run --name ins --volumes-from dbdata -v $(pwd):/backup ubuntu sleep 99999 &

(而不是您列出的备份命令命令。)

然后进行检查并发布结果:

docker inspect ins

答案结果证明是导致错误的selinux。原始海报找到答案:

setenforce 0
相关问题
最新问题