Docker挂载目录访问权限

我有一个运行MongoDB数据库的docker容器.为了保持数据的持久性,我在容器上安装了一个卷,该容器是使用xfs格式化的AWS EBS卷(MongoDB建议).

运行命令如下:

$ docker run --name MongoDB -p 27017:27017 --volume /data/mongo/db:/data/db --volume /data/mongo/conf:/data/configdb mongo:3.4 --config /data/configdb/mongodb.conf

但我总是得到以下错误:

chown: cannot read directory '/data/configdb': Permission denied
chown: cannot read directory '/data/db': Permission denied

我在所有/ data/mongo目录和子目录上尝试了很多chmod和chown命令,直到我来到chmod -R 777/data/mongo但不再成功.在mongo Dockerfile上,我看到入口点chown/data/db和/ data/configdb:https://github.com/docker-library/mongo/blob/30d09dbd6343d3cbd1bbea2d6afde49f5d9a9295/3.4/docker-entrypoint.sh

chown -R mongodb /data/configdb /data/db

所以我坚持使用这个目录访问权限.

更多信息.我在AWS,ECS,Centos 7上.

 $ docker info
Containers: 1
 Running: 0
 Paused: 0
 Stopped: 1
Images: 3
Server Version: 1.12.5
Storage Driver: devicemapper
 Pool Name: docker-202:1-86279-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 481.6 MB
 Data Space Total: 107.4 GB
 Data Space Available: 6.486 GB
 Metadata Space Used: 1.167 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.146 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.135-RHEL7 (2016-11-16)
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
 Volume: local
 Network: bridge host null overlay
Swarm: inactive
Runtimes: runc docker-runc
Default Runtime: docker-runc
Security Options: seccomp selinux
Kernel Version: 3.10.0-514.6.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 2
Total Memory: 14.53 GiB
Name: ip-172-31-25-123.eu-west-1.compute.internal
ID: 44WV:6KIZ:LHMK:5HDN:S3EC:YEQG:GFZZ:7TIV:6PCT:GPVF:E6IV:24Q5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8
Registries: docker.io (secure)

jmcollin92.. 10

好吧,我才意识到我的Centos7 Box上激活了SELinux:

 $ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

所以我只需要在每次卷装入后添加:Z并且MongoDB按预期启动.

好吧,我才意识到我的Centos7 Box上激活了SELinux:

 $ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

所以我只需要在每次卷装入后添加:Z并且MongoDB按预期启动.