无法在docker内部使用解释器运行python脚本[Errno 13]权限被拒绝

时间:2017-03-10 11:37:07

标签: python docker

我在docker上很新,我尝试用一​​些模块来隔离我的python解释器,但我一开始就陷入困境。

我创建了一个简单的脚本,如:

print "Hello world"

将其保存在/home/my_user/script.py

中 跑比跑  docker run -it --rm --name my-first-python-script -v /home/my_user:/home/my_user python:2 python /home/my_user/script.py

而不是

python: can't open file '/home/my_user/script.py': [Errno 13] Permission denied

如何以正确的权限运行它?

Docker版本1.10.3,构建e03ddb8 / 1.10.3

操作系统是Fedora 23(工作站版)

看起来像是selinux的错误。现在,我仍然不知道如何解决这个问题。

SELinux is preventing python from read access on the file h.py.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that python should be allowed read access on the h.py file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'python' --raw | audit2allow -M my-python
# semodule -X 300 -i my-python.pp

Additional Information:
Source Context                system_u:system_r:container_t:s0:c364,c980
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                h.py [ file ]
Source                        python
Source Path                   python
Port                          <Unknown>
Host                          densolovev
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-224.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     densolovev
Platform                      Linux densolovev 4.8.6-300.fc25.x86_64 #1 SMP Tue
                              Nov 1 12:36:38 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2017-03-11 20:59:09 +07
Last Seen                     2017-03-11 20:59:09 +07
Local ID                      4cfe1e00-555b-4294-aa88-e057cf831959

Raw Audit Messages
type=AVC msg=audit(1489240749.667:329): avc:  denied  { read } for  pid=4951 comm="python" name="h.py" dev="dm-2" ino=2102911 scontext=system_u:system_r:container_t:s0:c364,c980 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


Hash: python,container_t,user_home_t,file,read

2 个答案:

答案 0 :(得分:1)

这是答案。装载:Z param。

-v /home/my_user:/home/my_user:Z

在这里找到

https://stackoverflow.com/a/31334443/7682723

答案 1 :(得分:0)

将所有者的文件夹更改为您的用户和组。

chown user:user folder