docker-compose with podman won't allow to run entrypoint

I'm using Fedora 35 Silverblue. I followed this article on how to make podman and docker-compose friends in rootless mode.

I made a simple project:

.
├── docker-compose
│   └── app
│       ├── Dockerfile
│       └── entrypoint.sh
└── docker-compose.yml

The permissions of docker-compose/app/entrypoint.sh are -rwxrwxr-x.

docker-compose.yml:

version: '3.7'
services:
  app:
    container_name: app
    image: app
    build:
      context: .
      dockerfile: docker-compose/app/Dockerfile
    volumes:
      - .:/usr/src/app
    entrypoint: docker-compose/app/entrypoint.sh

docker-compose/app/Dockerfile:

FROM ruby

WORKDIR /usr/src/app

docker-compose/app/entrypoint.sh:

#!/bin/bash

echo "Hello world"

When I run docker-compose up --build I get:

Removing app
Building app
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
STEP 1/2: FROM ruby
STEP 2/2: WORKDIR /usr/src/app
--> Using cache 39d51dee76399b2b7f06dc174e240f55b57acf4608a639146c0f67fd22b5bdb6
COMMIT app
--> 39d51dee763
Successfully tagged localhost/app:latest
Successfully tagged localhost/test-compose_app:latest
39d51dee76399b2b7f06dc174e240f55b57acf4608a639146c0f67fd22b5bdb6
Recreating 9b852c5536a3_app ... done
Attaching to app
app    | /bin/bash: /usr/src/app/docker-compose/app/entrypoint.sh: Permission denied
app exited with code 126

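So, as far as I understand, it can run the entrypoint, but it cannot access bash inside the container.

The same project runs fine on macOS, but with docker. If I copy the entrypoint in the Dockerfile it works, but I don't want to rebuild my image every time I change something in the entrypoint.

Is it possible to solve this problem?

Thanks in advance

Update: even copying the entrypoint doesn't work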

docker-compose/app/Dockerfile

FROM ruby

COPY docker-compose/app/entrypoint.sh /entrypoint.sh

ENTRYPOINT /entrypoint.sh

WORKDIR /usr/src/app

docker-compose/app/entrypoint.sh

#!/bin/bash

echo "Hello world"

whoami

pwd

ls -la .

$ docker-compose up --build
Building app
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
STEP 1/4: FROM ruby
STEP 2/4: COPY docker-compose/app/entrypoint.sh /entrypoint.sh
--> Using cache 6da30c949d2f7c7cf1f4a293c3f4aebe23843e87a124317afafe67cdc117e6ab
--> 6da30c949d2
STEP 3/4: ENTRYPOINT /entrypoint.sh
--> Using cache 6fdcaf571d83ac713235b0bb3c816f707b4257b6f55911675ef65a91d981c41d
--> 6fdcaf571d8
STEP 4/4: WORKDIR /usr/src/app
--> Using cache 70f7f580ac7dd13fdace59fe2bc26c694105f76e9c87a33fc24b38299438b216
COMMIT app
--> 70f7f580ac7
Successfully tagged localhost/app:latest
70f7f580ac7dd13fdace59fe2bc26c694105f76e9c87a33fc24b38299438b216
Recreating app ... done
Attaching to app
app    | Hello world
app    | root
app    | /usr/src/app
app    | ls: cannot open directory '.': Permission denied
app exited with code 2

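It seems the user inside the container lacks permissions, but the user is root...

It looks like you're running on a system running SELinux. You need to modify your bind mount to change the label of the files so that they are accessible inside the container: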

version: '3.7'
services:
  app:
    container_name: app
    image: app
    build:
      context: .
      dockerfile: docker-compose/app/Dockerfile
    volumes:
      - .:/usr/src/app:z
    entrypoint: docker-compose/app/entrypoint.sh

Note the :z added to the bind mount
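
A pre-flight check for the situation in the answer above, added here as an example (not part of the original question or answer): it lists the short-syntax bind mounts in a compose file that carry no :z or :Z option, and shows the host's SELinux mode and the directory's label. The function names and the sample file are assumptions made for illustration; :z applies a shared label (:Z a private one) by relabelling the host directory itself, so it belongs on a project directory, not on a home or system directory.

```bash
# Added example (not from the original post): find compose bind mounts that
# carry no SELinux relabel option (:z = shared label, :Z = private label).
# Print "source -> target" for each bind mount whose options lack z/Z.
# Assumption: volumes use the short "- src:dst[:opts]" form shown on this page.
unlabeled_bind_mounts() {
  awk '
    /^[ \t]*volumes:[ \t]*$/ { in_vol = 1; next }
    in_vol && /^[ \t]*-[ \t]*/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)
      gsub(/[ \t]+$/, "", entry)
      gsub("[\"\047]", "", entry)            # drop YAML quotes
      n = split(entry, part, ":")
      # Bind mounts start with a path; named volumes ("dbdata:/data") do not.
      if (n < 2 || part[1] !~ /^[.\/~]/) next
      labelled = 0
      if (n >= 3) {
        m = split(part[3], opt, ",")
        for (i = 1; i <= m; i++) if (opt[i] == "z" || opt[i] == "Z") labelled = 1
      }
      if (!labelled) print part[1] " -> " part[2]
      next
    }
    in_vol && !/^[ \t]*(#.*)?$/ { in_vol = 0 }  # any other key ends the list
  ' "$1"
}

# Show the SELinux mode and the host-side label of a directory, if available.
selinux_context() {
  if command -v getenforce >/dev/null 2>&1; then
    echo "SELinux mode: $(getenforce)"
    ls -Zd -- "$1"
  else
    echo "SELinux tools not found on this host"
  fi
}

# Constructed sample input: the volumes entry from the question plus variants.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  app:
    volumes:
      - .:/usr/src/app
      - ./cache:/cache:ro,z
      - dbdata:/var/lib/data
EOF
unlabeled_bind_mounts "$sample"; rm -f "$sample"
selinux_context .
```

On an enforcing host, any line printed by unlabeled_bind_mounts is a mount the container is likely to be denied access to, as in the "Permission denied" output above.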