Docker + SLES15 : Unable to access files inside docker container : ls: cannot access '<directory/file name>': Operation not permitted

2

7

I am new to Docker and trying to create a Dockerfile from a SLES 15 base image:

FROM <base image - SLES 15 >

LABEL <label> \
    Version="1.0"

In docker-compose.yml, I have mentioned:

working_dir: $PWD
volumes:
      - $PWD/../../:$PWD/../../

When I start the Docker container, I am not able to access any file or directory, with the following error:

 ls: cannot access '<directory/file name>': Operation not permitted 
total 0
d????????? ? ? ? ?            ? <directory-name>

I tried the possible solutions suggested, like:

  1. Setting file permissions with chown/chmod
  2. Disable selinux

Any idea about the root cause of this issue and a possible solution?

Similar issue from Stack Overflow: No access rights in Docker Container when using SLES15 and *Suse Container

Hardtack answered 14/1, 2022 at 17:25 Comment(14)
If following on the thread you've linked to, have you tried doing a similar operation on another distro image like Debian? - Vanegas
I did try with a CentOS7 based image and didn't see any issue there. I could access files/directories using "ls -n" with no permission issue. - Hardtack
Maybe it's a user permission issue? Try using the id command with each image to see with what user you are running in them. - Vanegas
I did try permission settings using chown/chmod. I have verified that the id (user and group) is 0 and the user is root inside the container. I also tried to set it specific to the user group of my local machine where I am trying to run the container. I am still getting ls: cannot access '<directory/file name>': Operation not permitted when trying ls -n or ls -l. - Hardtack
I tried to start the container with the same UID and GID as the host machine: 'docker-compose run --user 1000:1000 <image-name> bash'. Even with this I am facing the same issue. - Hardtack
Maybe try with --privileged and -u 0? - Vanegas
I updated my Dockerfile: RUN useradd -ms /bin/bash -u 1000 -U dockerbuilduser && \ echo "dockerbuilduser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/dockerbuilduser && \ mkdir /home/dockerbuilduser/.gradle && \ chown 1000:1000 /home/dockerbuilduser && \ chmod 777 -R /home/dockerbuilduser && \ chmod 0400 /etc/sudoers.d/dockerbuilduser USER dockerbuilduser. Created a user with the same uid as the host machine user and also assigned ownership. Still, when I do cd /home/dockerbuilduser and then ls -l, I get the permission error. Same error for a newly created folder as well. - Hardtack
Yes, after running the container with the --privileged flag, I could run ls -l without the permission error. However, as per my understanding, it is not recommended to use privileged containers. How can I solve this issue without a privileged container? - Hardtack
That's good progress! To what user\privileges did it achieve? Have you tried changing ownership to nobody:nogroup? Do you have a requirement to use this exact distro? - Vanegas
Yes. For privileged mode: when I don't add any user in the Dockerfile, it defaults to root with output as drwxrwxrwx 1 0 0 27 Jan 24 17:24 <folder-name> (i.e. uid and gid as 0 and user as root). If I add dockerbuilduser then it's drwxrwxrwx 1 1000 1000 27 Jan 24 17:24 <folder-name> (i.e. uid and gid as 1000 and user as dockerbuilduser). Sorry, I didn't understand your point about changing ownership to nobody:nogroup. Yes, I have a requirement to use this exact distro. - Hardtack
With the dockerbuilduser user, did it work? - Vanegas
I could deduce the possible issue today. Actually, it was my mistake to try running a SLES based Docker container on a CentOS based host machine. That was the reason for the permission issue. When I use a SLES based host machine there are no permission issues. Sorry for the confusion. Thanks Noam for all your inputs. It helped me to understand the Docker concepts. - Hardtack
Could you elaborate on the difference in permissions? Why would the two contradict if both are based on the Linux kernel? Please add this to the final answer. - Vanegas
See response https://mcmap.net/q/1627496/-no-access-rights-in-docker-container-when-using-sles15-and-suse-container : update libseccomp on host to at least 2.5.2. - Cardenas
2

I was getting permission issues because I was running a SLES based Docker container inside a CentOS based host machine. If I use a SLES based host machine, I can run the container without any permission issue.

Hardtack answered 25/1, 2022 at 20:12 Comment(1)
Is there another solution? Is it possible to run such a container? - Truckle
0

In my case I fixed it by upgrading Docker to the latest version.

reference link.

Monastery answered 19/9, 2022 at 17:22 Comment(0)
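
The fix named in the comments above (libseccomp on the host at least 2.5.2) can be checked on the host before resorting to a privileged container. The script below is an added example, not part of the original thread: the function names and sample version strings are constructed, and the package names it queries (libseccomp, libseccomp2) are assumed to be the usual rpm/dpkg names.

```shell
#!/bin/sh
# Added example: compare the host's libseccomp with the minimum named in the thread.
MIN_LIBSECCOMP="2.5.2"   # value quoted from the comment in the thread

# Reduce a package version such as "2.5.1-1ubuntu1" to its dotted part "2.5.1".
extract_version() {
    printf '%s\n' "$1" |
        sed -n -e 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' -e 'q'
}

# Return 0 when dotted version $1 >= $2, comparing each field numerically.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Classify a raw version string as "ok", "outdated" or "unknown".
check_libseccomp() {
    v=$(extract_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    if version_ge "$v" "$MIN_LIBSECCOMP"; then echo ok; else echo outdated; fi
}

# Print the installed libseccomp version on an rpm- or dpkg-based host.
host_libseccomp_version() {
    # Assumed package names: libseccomp (CentOS/RHEL), libseccomp2 (SUSE, Debian/Ubuntu).
    for pkg in libseccomp libseccomp2; do
        v=$(rpm -q --qf '%{VERSION}\n' "$pkg" 2>/dev/null) && { echo "$v"; return 0; }
    done
    dpkg-query -W -f='${Version}\n' libseccomp2 2>/dev/null
}

# Constructed sample version strings, followed by the real host check.
for sample in "2.3.1" "2.5.1-1ubuntu1" "2.5.2" "2.10.0"; do
    echo "$sample -> $(check_libseccomp "$sample")"
done
if hv=$(host_libseccomp_version); then
    echo "host libseccomp $hv -> $(check_libseccomp "$hv")"
else
    echo "host libseccomp version not found via rpm or dpkg-query"
fi
```

Run it on the Docker host, not inside the container: the version that matters is the one the container runtime on the host is using.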