我正在尝试构建一个将在我的生产环境中运行EF Core迁移的docker映像,但是我很难弄清楚如何配置访问权限,以便与拥有最小权限的用户一起运行,但仍然足以执行任务。我的Dockerfile
看起来像这样:
FROM microsoft/dotnet:2.1-sdk-alpine3.7
# Create an app-specific user, to avoid running as root
RUN addgroup -g 1001 -S app && \
adduser -u 1001 -S app -G app
USER app
# Connection string is set when starting the container
ENV ConnectionStrings__MyContext = "<set the ConnectionStrings__MyContext environment variable!>"
# Build the app inside the home dir of the app user
WORKDIR /home/app/db-update
COPY MyApp.csproj .
RUN dotnet restore
COPY . .
RUN dotnet build --configuration Release
# Apply migrations using the SDK
CMD dotnet ef database update
但是当我尝试从该文件构建映像时,dotnet restore
命令失败,并出现以下错误:
Step 8/11 : RUN dotnet restore
---> Running in 8df166ad5be0
Restoring packages for /home/app/db-update/MyApp.csproj...
Restoring packages for /home/app/db-update/MyApp.csproj...
Installing System.Threading.Tasks.Extensions 4.5.0.
Installing System.Memory 4.5.0.
... a lot of packages ...
Installing Microsoft.Extensions.Configuration.AzureKeyVault 2.1.0.
Generating MSBuild file /home/app/db-update/obj/MyApp.csproj.nuget.g.props.
/usr/share/dotnet/sdk/2.1.302/NuGet.targets(114,5): error : Access to the path '/home/app/db-update/obj' is denied. [/home/app/db-update/MyApp.csproj]
/usr/share/dotnet/sdk/2.1.302/NuGet.targets(114,5): error : Permission denied [/home/app/db-update/MyApp.csproj]
ERROR: Service 'notes-db_migrations' failed to build: The command '/bin/sh -c dotnet restore' returned a non-zero code: 1
我选择的工作目录(例如/db-update
或/home/app/db-update
)似乎无济于事,无论如何我都会遇到相同的拒绝权限错误。
什么是正确的配置方式?