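Various Docker container paths have started failing with permission errors on Linux Mint

Time: 2020-05-26 13:11:36

Tags: linux docker apparmor

I am developing a Node multi-container application on a Linux Mint Docker host, and I installed Docker and Docker Compose via Snapcraft. There are four containers, two of which have bind-mounted volumes pointing at project folders on the host. This is all pretty standard stuff.

A few days ago, some of the containers started failing with permission errors. Here is my Docker Compose command, along with the logs from the failing containers: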

  $ docker-compose -f docker-compose.yml -f docker-compose-dev.yml  up --no-build
  Creating network "frontend_default" with the default driver
  Creating frontend_mysql_1         ... done
  Creating frontend_reverse-proxy_1 ... done
  Creating frontend_api_1           ... done
  Creating frontend_frontend_1      ... done
  Attaching to frontend_reverse-proxy_1, frontend_mysql_1, frontend_api_1, frontend_frontend_1
  api_1            | npm ERR! code EACCES
  api_1            | npm ERR! syscall open
  api_1            | npm ERR! path /root/.config/configstore/update-notifier-npm.json
  api_1            | npm ERR! errno -13
  api_1            | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
  api_1            | npm ERR! You don't have access to this file.
  api_1            | npm ERR! 
  api_1            | npm ERR!     at Object.openSync (fs.js:440:3)
  api_1            | npm ERR!     at Object.readFileSync (fs.js:342:35)
  api_1            | npm ERR!     at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
  api_1            | npm ERR!     at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
  api_1            | npm ERR!     at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
  api_1            | npm ERR!     at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
  api_1            | npm ERR!     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
  api_1            | npm ERR!     at processTicksAndRejections (internal/process/task_queues.js:76:11)
  api_1            | npm ERR!  Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
  api_1            | npm ERR! You don't have access to this file.
  api_1            | npm ERR! 
  api_1            | npm ERR!     at Object.openSync (fs.js:440:3)
  api_1            | npm ERR!     at Object.readFileSync (fs.js:342:35)
  api_1            | npm ERR!     at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
  api_1            | npm ERR!     at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
  api_1            | npm ERR!     at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
  api_1            | npm ERR!     at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
  api_1            | npm ERR!     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
  api_1            | npm ERR!     at processTicksAndRejections (internal/process/task_queues.js:76:11) {
  api_1            | npm ERR!   stack: "Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'\n" +
  api_1            | npm ERR!     "You don't have access to this file.\n" +
  api_1            | npm ERR!     '\n' +
  api_1            | npm ERR!     '    at Object.openSync (fs.js:440:3)\n' +
  api_1            | npm ERR!     '    at Object.readFileSync (fs.js:342:35)\n' +
  api_1            | npm ERR!     '    at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)\n' +
  api_1            | npm ERR!     '    at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)\n' +
  api_1            | npm ERR!     '    at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)\n' +
  api_1            | npm ERR!     '    at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)\n' +
  api_1            | npm ERR!     '    at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)\n' +
  api_1            | npm ERR!     '    at processTicksAndRejections (internal/process/task_queues.js:76:11)',
  api_1            | npm ERR!   errno: -13,
  api_1            | npm ERR!   syscall: 'open',
  api_1            | npm ERR!   code: 'EACCES',
  api_1            | npm ERR!   path: '/root/.config/configstore/update-notifier-npm.json'
  api_1            | npm ERR! }
  api_1            | npm ERR! 
  api_1            | npm ERR! The operation was rejected by your operating system.
  api_1            | npm ERR! It is likely you do not have the permissions to access this file as the current user
  api_1            | npm ERR! 
  api_1            | npm ERR! If you believe this might be a permissions issue, please double-check the
  api_1            | npm ERR! permissions of the file and its containing directories, or try running
  api_1            | npm ERR! the command again as root/Administrator.
  api_1            | 
  api_1            | npm ERR! A complete log of this run can be found in:
  api_1            | npm ERR!     /root/.npm/_logs/2020-05-26T12_31_11_538Z-debug.log
  api_1            | mysql_1          | /bin/bash: /usr/local/bin/docker-entrypoint.sh: Permission denied
  reverse-proxy_1  | /bin/sh: can't open '/entrypoint.sh': Permission denied
  frontend_reverse-proxy_1 exited with code 2
  frontend_1       | npm ERR! code EACCES
  frontend_1       | npm ERR! syscall open
  frontend_1       | npm ERR! path /root/.config/configstore/update-notifier-npm.json
  frontend_1       | npm ERR! errno -13
  frontend_1       | npm ERR! Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
  frontend_1       | npm ERR! You don't have access to this file.
  frontend_1       | npm ERR! 
  frontend_1       | npm ERR!     at Object.openSync (fs.js:440:3)
  frontend_1       | npm ERR!     at Object.readFileSync (fs.js:342:35)
  frontend_1       | npm ERR!     at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
  frontend_1       | npm ERR!     at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
  frontend_1       | npm ERR!     at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
  frontend_1       | npm ERR!     at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
  frontend_1       | npm ERR!     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
  frontend_1       | npm ERR!     at processTicksAndRejections (internal/process/task_queues.js:76:11)
  frontend_1       | npm ERR!  Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'
  frontend_1       | npm ERR! You don't have access to this file.
  frontend_1       | npm ERR! 
  frontend_1       | npm ERR!     at Object.openSync (fs.js:440:3)
  frontend_1       | npm ERR!     at Object.readFileSync (fs.js:342:35)
  frontend_1       | npm ERR!     at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)
  frontend_1       | npm ERR!     at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)
  frontend_1       | npm ERR!     at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)
  frontend_1       | npm ERR!     at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)
  frontend_1       | npm ERR!     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)
  frontend_1       | npm ERR!     at processTicksAndRejections (internal/process/task_queues.js:76:11) {
  frontend_1       | npm ERR!   stack: "Error: EACCES: permission denied, open '/root/.config/configstore/update-notifier-npm.json'\n" +
  frontend_1       | npm ERR!     "You don't have access to this file.\n" +
  frontend_1       | npm ERR!     '\n' +
  frontend_1       | npm ERR!     '    at Object.openSync (fs.js:440:3)\n' +
  frontend_1       | npm ERR!     '    at Object.readFileSync (fs.js:342:35)\n' +
  frontend_1       | npm ERR!     '    at Configstore.get all [as all] (/usr/lib/node_modules/npm/node_modules/configstore/index.js:30:25)\n' +
  frontend_1       | npm ERR!     '    at Configstore.get (/usr/lib/node_modules/npm/node_modules/configstore/index.js:74:27)\n' +
  frontend_1       | npm ERR!     '    at UpdateNotifier.check (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:78:16)\n' +
  frontend_1       | npm ERR!     '    at module.exports (/usr/lib/node_modules/npm/node_modules/update-notifier/index.js:151:17)\n' +
  frontend_1       | npm ERR!     '    at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/bin/npm-cli.js:85:48)\n' +
  frontend_1       | npm ERR!     '    at processTicksAndRejections (internal/process/task_queues.js:76:11)',
  frontend_1       | npm ERR!   errno: -13,
  frontend_1       | npm ERR!   syscall: 'open',
  frontend_1       | npm ERR!   code: 'EACCES',
  frontend_1       | npm ERR!   path: '/root/.config/configstore/update-notifier-npm.json'
  frontend_1       | npm ERR! }
  frontend_1       | npm ERR! 
  frontend_1       | npm ERR! The operation was rejected by your operating system.
  frontend_1       | npm ERR! It is likely you do not have the permissions to access this file as the current user
  frontend_1       | npm ERR! 
  frontend_1       | npm ERR! If you believe this might be a permissions issue, please double-check the
  frontend_1       | npm ERR! permissions of the file and its containing directories, or try running
  frontend_1       | npm ERR! the command again as root/Administrator.
  frontend_1       | 
  frontend_1       | npm ERR! A complete log of this run can be found in:
  frontend_1       | npm ERR!     /root/.npm/_logs/2020-05-26T12_31_12_821Z-debug.log
  frontend_1       | frontend_mysql_1 exited with code 126

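I am not sure what caused this, as nothing major on the development machine has changed. I did some rooting around and found that AppArmor has started failing. Here are some logs from dmesg on the host: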

May 26 13:31:15 dev-VirtualBox kernel: [  136.787188] audit: type=1400 audit(1590496275.941:68): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=6516 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:16 dev-VirtualBox kernel: [  137.403740] audit: type=1400 audit(1590496276.557:69): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6252 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:17 dev-VirtualBox kernel: [  137.959766] audit: type=1400 audit(1590496277.113:70): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=6683 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:17 dev-VirtualBox kernel: [  138.388630] audit: type=1400 audit(1590496277.541:71): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=6561 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:19 dev-VirtualBox kernel: [  140.765452] audit: type=1400 audit(1590496279.917:72): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6861 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [  140.975698] audit: type=1400 audit(1590496280.129:73): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6942 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [  140.996244] audit: type=1400 audit(1590496280.149:74): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7082 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [  141.399142] audit: type=1400 audit(1590496280.553:75): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=7162 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [  141.521377] audit: type=1400 audit(1590496280.673:76): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-nodemon.json" pid=7185 comm="node" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:24 dev-VirtualBox kernel: [  145.403602] audit: type=1400 audit(1590496284.557:77): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7312 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:32 dev-VirtualBox kernel: [  153.298729] audit: type=1400 audit(1590496292.453:78): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7452 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:46 dev-VirtualBox kernel: [  166.995319] audit: type=1400 audit(1590496306.149:79): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7610 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:32:12 dev-VirtualBox kernel: [  193.228513] audit: type=1400 audit(1590496332.381:80): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7788 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:32:55 dev-VirtualBox kernel: [  236.569562] audit: type=1400 audit(1590496375.721:81): apparmor="DENIED" operation="open" profile="snap.docker.compose" name="/proc/7907/mounts" pid=7907 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

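So, it looks like an AppArmor problem. AppArmor may have had a system update, but as far as I know I have not made any specific changes to it. What can I do to get Docker working again?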
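An added example, not part of the original question: a shell function that groups AppArmor denials like the ones above by profile, command and path, which makes it visible at a glance which confinement profile the kernel applied to each denied open. The four sample lines are copied from the dmesg output above; the function names are hypothetical.

```shell
# Sample input: four audit lines copied from the dmesg output in the question.
sample_audit_lines() {
    cat <<'EOF'
May 26 13:31:16 dev-VirtualBox kernel: [  137.403740] audit: type=1400 audit(1590496276.557:69): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.config/configstore/update-notifier-npm.json" pid=6252 comm="npm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:17 dev-VirtualBox kernel: [  138.388630] audit: type=1400 audit(1590496277.541:71): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=6561 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:31:20 dev-VirtualBox kernel: [  140.996244] audit: type=1400 audit(1590496280.149:74): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/usr/local/bin/docker-entrypoint.sh" pid=7082 comm="docker-entrypoi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 26 13:32:55 dev-VirtualBox kernel: [  236.569562] audit: type=1400 audit(1590496375.721:81): apparmor="DENIED" operation="open" profile="snap.docker.compose" name="/proc/7907/mounts" pid=7907 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
EOF
}

# Summarise AppArmor denials read from stdin.
# Output: "<count> <profile> <comm> <name>", most frequent first.
# Fields that are absent or not double-quoted (hex-encoded names) are shown as "-".
apparmor_denials() {
    awk '
        function field(key,   re) {
            re = " " key "=\"[^\"]*\""          # leading space keeps "name" from matching inside another key
            if (!match($0, re)) return "-"
            return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        }
        /apparmor="DENIED"/ { n[field("profile") " " field("comm") " " field("name")]++ }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

sample_audit_lines | apparmor_denials
```

On a live host the same function can be fed from `dmesg` or the kernel log instead of the sample.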

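1 answer:

Answer 0: (score: 1)

This problem was hard to track down, as there seems to be very little information about it. My feeling is that it only affects Docker in Snap, and not Docker installed by other means. The problem has been discussed in this forum thread.

The problem stems from a buggy kernel (5.3.0-53 in my case), and reverting to the previously installed version fixes it. For me that was 5.3.0-51. This bug report indicates that the problem also appears in 5.4.0-31, and can be fixed by going back to 5.4.0-29. This explains how the problem appeared on its own: a new kernel was delivered through a system update.

I used this answer to modify Grub so that it boots into the older kernel. Here are the steps for readers with the same problem:

List your current kernels, so that you can identify the previously installed one: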

dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}'

Confirm which kernel you are running:

uname -r

You will need to change the boot options in /etc/default/grub, specifically a value called GRUB_DEFAULT. It is usually 0, meaning "boot the latest kernel":

GRUB_DEFAULT=0

You need to change it so that it points to a specific kernel. So, my value is:

GRUB_DEFAULT="Advanced options for Linux Mint 19.3 Cinnamon>Linux Mint 19.3 Cinnamon, with Linux 5.3.0-51-generic"

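These are menu strings that we are asking Grub to select for us automatically. To find out what yours are, look in /boot/grub/grub.cfg and search for the keyword submenu to find the top-level element, which in this case is "Advanced options for Linux Mint 19.3 Cinnamon". From that point on, search for menuentry to find the second-level element, which in this case is "Linux Mint 19.3 Cinnamon, with Linux 5.3.0-51-generic". There are a lot of submenus; the version you need is the penultimate version of the kernel.

Join these two strings together, put a > between them, wrap them in quotes, and use that as your GRUB_DEFAULT value. As per the helpful answer I linked earlier, it is wise to back up the Grub file before rebooting, in case you run into problems: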

sudo cp /etc/default/grub /etc/default/grub.bak

Finally, you should regenerate the Grub menu after the change:

sudo update-grub

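After rebooting, you should find that Docker is back to normal. Hopefully a new kernel will be released, at which point Grub will need to be manually switched back to tracking the latest version (assuming it will be fixed in the next Linux release).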
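An added example, not part of the original answer: the manual search through grub.cfg described in the steps above, done by a shell function that builds the GRUB_DEFAULT string for a given kernel and fails when no matching menu entry exists, so a mistyped title is caught before rebooting. The function names are hypothetical, the grub.cfg excerpt is constructed and abridged, and single-quoted titles as written by update-grub are assumed.

```shell
# Constructed, abridged grub.cfg in the layout update-grub generates.
sample_grub_cfg() {
    cat <<'EOF'
menuentry 'Linux Mint 19.3 Cinnamon' --class linuxmint $menuentry_id_option 'gnulinux-simple' {
    linux /boot/vmlinuz-5.3.0-53-generic ro quiet
}
submenu 'Advanced options for Linux Mint 19.3 Cinnamon' $menuentry_id_option 'gnulinux-advanced' {
    menuentry 'Linux Mint 19.3 Cinnamon, with Linux 5.3.0-53-generic' --class linuxmint {
        linux /boot/vmlinuz-5.3.0-53-generic ro quiet
    }
    menuentry 'Linux Mint 19.3 Cinnamon, with Linux 5.3.0-53-generic (recovery mode)' --class linuxmint {
        linux /boot/vmlinuz-5.3.0-53-generic ro recovery nomodeset
    }
    menuentry 'Linux Mint 19.3 Cinnamon, with Linux 5.3.0-51-generic' --class linuxmint {
        linux /boot/vmlinuz-5.3.0-51-generic ro quiet
    }
}
menuentry 'Memory test (memtest86+)' {
    linux16 /boot/memtest86+.bin
}
EOF
}

# Print "<submenu title>><menuentry title>" for the normal (non-recovery) entry of
# kernel $2 in the grub.cfg file $1 ("-" reads stdin). Exit status 1 if it is absent.
grub_default_for_kernel() {
    awk -v ver="$2" '
        function title(line,   q) { split(line, q, "\047"); return q[2] }  # first quoted string
        /^[ \t]*submenu[ \t]/ { sub_title = title($0); sub_depth = depth + 1 }
        /^[ \t]*menuentry[ \t]/ {
            t = title($0); want = "with Linux " ver
            if (length(t) >= length(want) && substr(t, length(t) - length(want) + 1) == want) {
                path = (sub_title == "" ? "" : sub_title ">") t
                print path; found = 1; exit
            }
        }
        /[{][ \t]*$/ { depth++ }                       # a block opens on this line
        /^[ \t]*[}][ \t]*$/ { if (--depth < sub_depth) { sub_title = ""; sub_depth = 0 } }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the line for /etc/default/grub, or fail without output if the entry is missing.
grub_default_line() {
    _path=$(grub_default_for_kernel "$1" "$2") || return 1
    printf 'GRUB_DEFAULT="%s"\n' "$_path"
}

sample_grub_cfg | grub_default_line - 5.3.0-51-generic
```

On a real host, pass /boot/grub/grub.cfg as the first argument and the kernel version in the form `uname -r` prints as the second.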