I'm very new to Docker. I'm trying to isolate my Python interpreter with some modules, but I got stuck right at the start.
I created a simple script, such as:
print "Hello world"
and saved it at /home/my_user/script.py
docker run -it --rm --name my-first-python-script -v /home/my_user:/home/my_user python:2 python /home/my_user/script.py
But instead:
python: can't open file '/home/my_user/script.py': [Errno 13] Permission denied
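How do I run it with the correct permissions?
Docker version 1.10.3, build e03ddb8/1.10.3
The operating system is Fedora 23 (Workstation edition)
It looks like an SELinux error. For now, I still don't know how to solve it.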
SELinux is preventing python from read access on the file h.py.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python should be allowed read access on the h.py file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'python' --raw | audit2allow -M my-python
# semodule -X 300 -i my-python.pp
Additional Information:
Source Context system_u:system_r:container_t:s0:c364,c980
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects h.py [ file ]
Source python
Source Path python
Port <Unknown>
Host densolovev
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-224.fc25.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name densolovev
Platform Linux densolovev 4.8.6-300.fc25.x86_64 #1 SMP Tue
Nov 1 12:36:38 UTC 2016 x86_64 x86_64
Alert Count 1
First Seen 2017-03-11 20:59:09 +07
Last Seen 2017-03-11 20:59:09 +07
Local ID 4cfe1e00-555b-4294-aa88-e057cf831959
Raw Audit Messages
type=AVC msg=audit(1489240749.667:329): avc: denied { read } for pid=4951 comm="python" name="h.py" dev="dm-2" ino=2102911 scontext=system_u:system_r:container_t:s0:c364,c980 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Hash: python,container_t,user_home_t,file,read
Answer 0 (score: 1)
Here is the answer. Mount with the :Z param.
-v /home/my_user:/home/my_user:Z
Found here
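As an added illustration (not part of either answer, and not Docker's or SELinux's own code), the Python below parses the AVC record from the question and classifies the denial: the process runs as container_t while the file still carries the host label user_home_t, which is the mismatch the :Z mount option removes by relabelling the volume for the container. The type-name sets and the second record, OTHER_AVC, are assumptions constructed for the example.

```python
import re

# AVC record copied from the question above.
QUESTION_AVC = (
    'type=AVC msg=audit(1489240749.667:329): avc: denied { read } for pid=4951 '
    'comm="python" name="h.py" dev="dm-2" ino=2102911 '
    'scontext=system_u:system_r:container_t:s0:c364,c980 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'
)
# Constructed record: a file privately labelled (:Z) for a different container.
OTHER_AVC = QUESTION_AVC.replace(
    'unconfined_u:object_r:user_home_t:s0', 'system_u:object_r:container_file_t:s0:c1,c2')

# Assumption: domain and file type names used by the container SELinux policy.
CONTAINER_DOMAINS = {'container_t', 'svirt_lxc_net_t'}
CONTAINER_FILE_TYPES = {'container_file_t', 'svirt_sandbox_file_t'}

def parse_context(ctx):
    """Split user:role:type:sensitivity[:categories]; category ranges are not expanded."""
    user, role, typ, level = ctx.split(':', 3)
    sens, _, cats = level.partition(':')
    return {'user': user, 'role': role, 'type': typ, 'sens': sens,
            'cats': frozenset(cats.split(',')) if cats else frozenset()}

def parse_avc(line):
    """Return the denied permissions and both contexts, or None if not an AVC denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {'perms': m.group(1).split(), 'tclass': fields['tclass'],
            'name': fields.get('name', '').strip('"'),
            'source': parse_context(fields['scontext']),
            'target': parse_context(fields['tcontext'])}

def diagnose(avc):
    """Classify why a container process was denied access to a bind-mounted file."""
    src, tgt = avc['source'], avc['target']
    if src['type'] not in CONTAINER_DOMAINS:
        return 'not-a-container-process'
    if tgt['type'] not in CONTAINER_FILE_TYPES:
        return 'host-label'      # e.g. user_home_t: the volume was never relabelled
    if not tgt['cats'] <= src['cats']:
        return 'mcs-mismatch'    # labelled for another container's category pair
    return 'other'

if __name__ == '__main__':
    for line in (QUESTION_AVC, OTHER_AVC):
        avc = parse_avc(line)
        print(avc['name'], avc['perms'], avc['target']['type'], '->', diagnose(avc))
```

Because :Z relabels the mounted host path recursively, mounting a dedicated subdirectory rather than the whole of /home/my_user keeps the relabel contained.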
Answer 1 (score: 0)
Change the folder's owner to your user and group.
chown user:user folder