Docker Volume Mount Permission Denied 2018

| 16-09-2021
[RAND-1-100] Comments

In order to do that, I created a volume over the NFS and bound it to the POD through the related volume claim. When I try to write or accede the shared folder I got a 'permission denied' message, since the NFS is apparently read-only. The following is the json file I used to create the volume. Docker on windows mount source path permission denied May 31, 2017 Recently I was leveraging Azure App Services to deploy my Docker packaged.NET Core app.

Good Afternoon, Guys -

Denied

I run Docker via Atomic (Fedora 29) on a dedicated system which I’ve used for a few months now and absolutely love it. There are many additional things that I want to do with it, however continue to hit a single roadblock. I’ve done a ton of research and testing without finding a solution so far so wanted to make an all-inclusive post.

My Question / Issue

Docker

What is the suggested method for mounting a Windows Share to a container so that the container has full Read/Write access to the files/folders within?

What I’ve Tried

So far, I’ve tried the below methods without success. A section for each is below with detail and results…

  • Attempt #1: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container
  • Attempt #2: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container Excluding SysLinux Parameters
  • Attempt #3: Using the NetShare Docker Plugin
  • Attempt #4: Mounting Share Inside of Container Using CIFS

Attempt #1: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container

Basically, I use CIFS to mount the Windows share with 0777 to an empty path on the host like /shares/files. When creating the container I wish to access it, I add a volume by including the below string:

-v /share/files:/files:z (Added :z since use Atomic with SysLinux)

This fails as when I try to create the container including tyhe above string, I get the error:

> /usr/bin/docker-current: Error response from daemon: error setting label on mount source ‘/share/files’: SELinux relabeling of /share/files is not allowed: “operation not supported”.

Attempt #2: Same as Test #1, but Excluding SysLinux Parameter

This is the same as the above test, but I remove ':z' from the end of the string resulting in:

-v /share/files:/files

I am able to create the container successfully, however; cannot access the files. If I connect to the container, I can cd into /files, however simply trying to execute 'ls' fails with the error:

> ls: cannot open directory ‘.’: Permission denied

Note: I tested mounting to a folder which pre-exists in the container as well as defining a new one when creating the container. When connecting to the container after creation, I found that it did create /filestest yet I got the same error when trying to list files within it.

Attempt #3: Using the NetShare Docker Plugin

I ran across containx/docker-volume-netshare which is a Docker plugin that supposedly allows easier mounting of shares with containers so thought i’d try it out.

Docker Mount Permission Denied

Unfortunately, I cannot get it working with Atomic for the life of me. I’ve tried installing it’s DEB which I seemingly cannot do with Atomic, installing it using rpm-tree (Atomic doesn’t have yum/apt-get), trying to install it using “docker plugin install containx/docker-volume-netshare”, building it from source, and finally just copying and running it’s binary.

The closest I got was by downloading and testing the binary as after setting its permissions, I could execute 'docker-volume-netshare -h' and see the help and other notes. When attempting to use it by executing 'docker volume create -d cifs --name myserver/files$' (which is a valid shared path), I got the error:

Error response from daemon: create myserver/files$: create myserver/files$: Error looking up volume plugin cifs: legacy plugin: plugin not found

I posted an issue in their GitHub repo and tried a variety of other things, but didn’t get a response after weeks and had no further luck.

Attempt #4: Mounting Share Inside of Container Using CIFS

I found a couple of posts suggesting this could work, so gave it a shot. I first added the string below when building a typical container as the posts said it was required:

–cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH

Once the container was up, I connected to it and did the following:

Mount

Docker Volume Mount Permission

  1. Updated apt-get then installed nano & cifs-utils
  2. Created the file /.smbcredentials with credentials inside of it then ran chmod against it
  3. Created a new folder in the root named /filestest and set it to 0777 with chmod (Also tried using an existing empty folder in root which I set to 0777 as well)
  4. Edited /etc/fstab and added the below string (since I want it to be persistent)

//myserver/files$ /filestest cifs iocharset=utf8,credentials=/.smbcredentials,file_mode=0777,dir_mode=0777 0 0

Denied

Note: When first opening /etc/fstab, there was a single comment stating '# UNCONFIGURED FSTAB FOR BASE SYSTEM'

Once done, I executed 'mount -a' which returns the below error:

Docker Volume Mount Permission Denied

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Docker Volume Mount Permission Denied 2018

How to Proceed / Suggestions?

So that’s where I’m at. As you can see, I’m not asking out of the blue and have invested tons of time researching and testing. Any suggestions you have would be greatly appreciated.

Thank You & Happy Holidays!