• Uncategorized

About linux : access-denied-in-docker-when-mounting-volumes-while-userns-is-enabled

Question Detail

I am trying to use docker’s user namespaces feature using the official documentation here
I have added the configuration to my daemon.json file like

     "experimental": false,
     "features":{"buildkit": false},

I also verified that both subuid and subguid in /etc contain the following entries


I built my image to verify the functionality using an alpine:latest like so

FROM alpine:latest
RUN mkdir -p /root/.cache 

command used in building the image docker image build -t myimage:1 .
Then I run a container from this image using
docker container run -it --rm --name mycontainer -v "$(pwd)/test:/app" myimage:1 sh
I get access to the workdir inside the container (app) but I cannot touch/create any file without getting permission denied. Do I need to change the owner of the test directory I used to mount? if yes, who should own it?

docker version

docker version
Client: Docker Engine - Community
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 24 01:47:57 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:45:46 2022
  OS/Arch:          linux/amd64
  Experimental:     false
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
  Version:          0.19.0
  GitCommit:        de40ad0

Host OS info

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.6 LTS
Release:        18.04
Codename:       bionic

Question Answer

No answer for now.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.