Cannot chown or chmod bind mounted files/dirs #83

Open
chrisdostert opened this issue Dec 7, 2021 · 28 comments

@chrisdostert

Hello and thank you for the awesome project!

I'm running into an inconsistency between docker for mac and lima.
With docker for mac, I can successfully chown & chmod bind mounted files/dirs within a container.

If I attempt this with colima I get chown: file.txt: Permission denied

@thejan2009

Related upstream issue: lima-vm/lima#231

@lorsatti

I can chmod (tested with colima 0.3.0, but don't know if it is related). chown still not working.

@jklewa

jklewa commented Jan 31, 2022

Getting this issue on some popular images, which will attempt to correct host-mounted volume file ownership/permissions during their entrypoint scripts

postgres:/var/lib/postgresql/data
redis:/data

@HansG89

HansG89 commented Mar 2, 2022

Same problem with mosquitto mqtt broker from dockerhub

mosquitto:/mosquitto

@jhogendorn

Is this considered fixed or still outstanding? I'm experiencing this issue with the jekyll/jekyll container, on the HEAD install of colima, lima, qemu.

I've tried following these instructions: lima-vm/lima#231 (comment)

But have not had any luck.

@abiosoft
Owner

abiosoft commented Jun 9, 2022

@jhogendorn what is your exact situation? Have you tried starting Colima with --mount-type 9p?

@jhogendorn

jhogendorn commented Jun 9, 2022

@jhogendorn what is your exact situation? Have you tried starting Colima with --mount-type 9p?

I'm running a jekyll container with docker compose.

version: '2.2'

services:
  jekyll:
    image: jekyll/jekyll:stable
    command: jekyll serve --watch --force_polling --verbose
    ports:
      - 4000:4000
    volumes:
      - .:/srv/jekyll

Before, I was getting just a big list of chown errors.

If I start colima with --mount-type 9p then I get a slightly different permission error: /usr/local/lib/ruby/3.1.0/fileutils.rb:243:in mkdir: Permission denied @ dir_s_mkdir - /srv/jekyll/.jekyll-cache (Errno::EACCES)

I got around that by running mkdir .jekyll-cache

Then it was failing due to envygeeks/jekyll-docker#335

However, if I set up the gemfile to resolve this, it fails again with There was an error while trying to write to /srv/jekyll/Gemfile.lock

So it clearly can't write to the bind mount correctly. I've tried Z and rw modes in the volume as well.

@abiosoft
Owner

abiosoft commented Jun 9, 2022

@jhogendorn I am more confident in 9p than sshfs even though it's slower (provided you do not need symlinks).
It is most likely the user permission.

Does it work if you specify the uid manually by adding user: 501 to your docker compose file? You can verify your uid in the terminal with id -u.

@jhogendorn

Does it work if you specify the uid manually by adding user: 501 to your docker compose file? You can verify your uid in the terminal with id -u.

No, it fails because it cannot find the jekyll binary due to how the container is constructed.

/usr/jekyll/bin/jekyll: exec: line 16: /usr/local/bundle/bin/jekyll: not found

Like a lot of poorly made containers, it requires to be run as root user.

@jhogendorn

I will note it's managed to create a directory structure inside .jekyll-cache, and has some files inside that.

Perhaps this is limited to the 'top level' of the mount? It could not create the .jekyll-cache folder, but can write inside it. Gemfile.lock will be top level also.

@abiosoft
Owner

abiosoft commented Jun 9, 2022

The other option is to make the directory writable for other users (not sure if that is ideal for you). This is specific to 9p mount.

chmod 777 ./jekyll

@abiosoft
Owner

abiosoft commented Jun 9, 2022

Perhaps this is limited to the 'top level' of the mount? It could not create the .jekyll-cache folder, but can write inside it. Gemfile.lock will be top level also.

For sshfs, yes. If the directory is created on the host, it cannot chmod on it, but works fine on subfiles and subdirectories.
For 9p, you can only write if running as root (in the container) or the container userId matches the owner of the directory on host.
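
The 9p write rule from the comment above (root in the container, or a container uid equal to the host owner, with the chmod 777 workaround as the third case), as an added preflight check that is not part of the original thread or of Colima. The function names and the script name are hypothetical, and the rule is taken as stated, without the mapped-xattr override discussed later.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for a 9p bind-mount source.
# Rule as stated above: a write succeeds for root in the container, for a
# container uid equal to the host owner, or when "other" has the write bit
# (the chmod 777 workaround). Function names here are hypothetical.

# Print "<owner-uid> <octal-mode>"; GNU stat first, BSD/macOS stat as fallback.
owner_and_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# mount_write_verdict DIR CONTAINER_UID
# Prints one of: missing, root, owner-match, world-writable, denied
mount_write_verdict() {
    dir=$1
    cuid=$2
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    set -- $(owner_and_mode "$dir")
    owner=$1
    mode=$2
    other=${mode#"${mode%?}"}          # last octal digit holds the "other" bits
    if [ "$cuid" -eq 0 ]; then
        echo root
    elif [ "$cuid" -eq "$owner" ]; then
        echo owner-match
    elif [ $(( other & 2 )) -ne 0 ]; then
        echo world-writable
    else
        echo denied
    fi
}

# Turn a verdict into the action the thread suggests for it.
advise() {
    case $1 in
        root|owner-match) echo "ok: container uid can write to the mount" ;;
        world-writable)   echo "warn: writable by every uid; prefer a matching uid over chmod 777" ;;
        denied)           echo "fail: run the container as the host uid (id -u) or use the mapped-xattr override" ;;
        missing)          echo "fail: mount source does not exist on the host" ;;
    esac
}

# Usage (hypothetical script name): ./check-mount.sh ./data/database 501
if [ $# -ge 2 ]; then
    advise "$(mount_write_verdict "$1" "$2")"
fi
```
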

@jhogendorn

chmod 777 does work. That's a rough hack though.

I ended up swapping to a different base container, it became evident the issues were many and mostly around that particular container rather than colima etc.

Thanks for your help, appreciated.

@maoxuner

maoxuner commented Nov 21, 2022

@nulllpoint In a recent release, the securityModel option changed its default value; you may need to specify it manually for mapped-xattr.
Originally posted by @mritd in lima-vm/lima#231 (comment)

colima doesn't support 9p options in mounts. Every time, it removes 9p from colima.yaml.

Currently you can use lima override.yaml to modify mounts as a fallback.

@bofm

bofm commented Dec 6, 2022

This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.

  1. Put this into your /Users/<username>/.lima/_config/override.yaml:

    mountType: 9p
    mounts:
      - location: "/Users/<username>"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: "~"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: /tmp/colima
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
  2. colima delete

  3. colima start --mount-type 9p

Versions:

  • MBP M1 MacOS Monterey (12.5)
  • lima 0.13.0
  • colima 0.4.6

@genki

genki commented Dec 21, 2022

@bofm Confirmed it fixes for my env too.

  • Macbook Air M2 MacOS 13.1
  • lima 0.14.1
  • colima 0.5.1

@benblasco

No, it fails because it cannot find the jekyll binary due to how the container is constructed.

Hi @jhogendorn which container image did you switch to instead of jekyll/jekyll? I am encountering the exact same error message as you: /usr/jekyll/bin/jekyll: exec: line 16: /usr/local/bundle/bin/jekyll: not found

@archcst

archcst commented Mar 1, 2023

@bofm awesome! finally fixed my same issue, thx!

@atlasloewenherz

atlasloewenherz commented Oct 12, 2023

Hi everyone,

Unfortunately this is still persisting as a problem across multiple container combinations:

➜ colima colima --version && lima --version && uname -a
colima version 0.5.6
limactl version 0.17.2
Darwin nubia 23.0.0 Darwin Kernel Version 23.0.0: Fri Sep 15 14:41:43 PDT 2023; root:xnu-10002.1.13~1/RELEASE_ARM64_T6000 arm64

when starting a container with a volume as following:

➜  colima docker run -it -v $(pwd)/volume:/data busybox:latest
docker: Error response from daemon: error while creating mount source path '/Users/ely/projects/kasandra/colima/volume': chown /Users/ely/projects/kasandra/colima/volume: operation not permitted.
ERRO[0000] error waiting for container:

the volume folder is available and writeable by the current user

docker info:

  colima docker info
Client: Docker Engine - Community
 Version:    24.0.6
 Context:    colima
 Debug Mode: false

Server:
 Containers: 12
  Running: 0
  Paused: 0
  Stopped: 12
 Images: 6
 Server Version: 23.0.6
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1fbd70374134b891f97ce19c70b6e50c7b9f4e0d
 runc version: 860f061b76bb4fc671f0f9e900f7d80ff93d4eb7
 init version:
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 6.1.29-0-virt
 Operating System: Alpine Linux v3.18
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 15.59GiB
 Name: colima
 ID: ba948050-ef3d-4054-9702-8cc9e53c5669
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: atlasloewenherz
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false


@abdonrd

abdonrd commented Oct 20, 2023

Has anyone been able to solve it?

My use case:

version: '3'
services:
  database:
    image: postgis/postgis:13-master
    # Required when running on platform other than amd64, like Apple M1/M2:
    platform: linux/amd64
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'

  directus:
    image: directus/directus:10.4.0
    ports:
      - 8055:8055
    volumes:
      - ./uploads:/directus/uploads
      # If you want to load extensions from the host
      # - ./extensions:/directus/extensions
    depends_on:
      - database
    environment:
      KEY: '255d861b-5ea1-5996-9aa3-922530ec40b1'
      SECRET: '6116487b-cda1-52c2-b5b5-c8022c45e263'

      DB_CLIENT: 'pg'
      DB_HOST: 'database'
      DB_PORT: '5432'
      DB_DATABASE: 'directus'
      DB_USER: 'directus'
      DB_PASSWORD: 'directus'

      ADMIN_EMAIL: '[email protected]'
      ADMIN_PASSWORD: 'd1r3ctu5'

The logs are:

~/Desktop/directus-colima with node(v18.16.1) ⌚ 11:34:27
$ docker compose up
[+] Building 0.0s (0/0)                                                                                                                                           docker:colima
[+] Running 2/0
 ✔ Container directus-colima-database-1  Created                                                                                                                           0.0s 
 ✔ Container directus-colima-directus-1  Created                                                                                                                           0.0s 
Attaching to directus-colima-database-1, directus-colima-directus-1
directus-colima-database-1  | chown: changing ownership of '/var/lib/postgresql/data': Permission denied
directus-colima-database-1 exited with code 1
directus-colima-directus-1  | [15:34:30.729] INFO: Initializing bootstrap...
directus-colima-directus-1  | [15:34:55.866] ERROR: Can't connect to the database.
directus-colima-directus-1  | [15:34:55.867] ERROR: getaddrinfo ENOTFOUND database
directus-colima-directus-1  |     err: {
directus-colima-directus-1  |       "type": "Error",
directus-colima-directus-1  |       "message": "getaddrinfo ENOTFOUND database",
directus-colima-directus-1  |       "stack":
directus-colima-directus-1  |           Error: getaddrinfo ENOTFOUND database
directus-colima-directus-1  |               at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26)
directus-colima-directus-1  |       "errno": -3008,
directus-colima-directus-1  |       "code": "ENOTFOUND",
directus-colima-directus-1  |       "syscall": "getaddrinfo",
directus-colima-directus-1  |       "hostname": "database"
directus-colima-directus-1  |     }
directus-colima-directus-1 exited with code 1

The error is:

chown: changing ownership of '/var/lib/postgresql/data':

Simple example:

version: '3'
services:
  database:
    image: postgres:15.4-alpine
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'

Console:

$ docker compose up
[+] Building 0.0s (0/0)                                                                                                                                                     docker:colima
[+] Running 2/0
 ✔ Network postgresql-colima_default       Created                                                                                                                                   0.0s 
 ✔ Container postgresql-colima-database-1  Created                                                                                                                                   0.0s 
Attaching to postgresql-colima-database-1
postgresql-colima-database-1  | chown: /var/lib/postgresql/data: Permission denied
postgresql-colima-database-1 exited with code 1

@pablon

pablon commented Nov 15, 2023

Has anyone been able to solve it?

Same use case. Resolved it following @bofm's comment in three easy steps:

1. Stop colima and create override.yaml file

🧨 To start from scratch I deleted all colima profiles first:

➜ colima list | awk "/$(uname -m)/ {print \$1}" | while read i ; do colima stop -p ${i} ; colima delete -p ${i} ; done
➜ colima stop

➜ [ -d "${HOME}/.colima/_config" ] || mkdir -vp "${HOME}/.colima/_config"

➜ cat << EOF > ${HOME}/.colima/_config/override.yaml
mountType: 9p
mounts:
  - location: ${HOME}
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: "~"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
EOF

2. Edit the template

⚠️ Make sure you have: mountType: 9p

➜ colima template

3. Then start colima editing the configuration file before start:

⚠️ Make sure you have: mountType: 9p

➜ colima start --edit

Tried your docker-compose.yaml example:

version: '3'
services:
  database:
    image: postgres:15.4-alpine
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'

➜  ls -lao
total 8
drwxr-xr-x   3 user   96 Nov 15 08:54 ./
drwxr-xr-x  23 user  736 Nov 15 08:53 ../
-rw-r--r--   1 user  244 Nov 15 08:49 docker-compose.yaml
➜  docker compose up -d
[+] Building 0.0s (0/0)                                    docker:colima
[+] Running 2/2
 ✔ Network colima_default       Created                    0.1s
 ✔ Container colima-database-1  Started                    0.0s
➜  ls -lao
total 8
drwxr-xr-x   4 user  128 Nov 15 08:54 ./
drwxr-xr-x  23 user  736 Nov 15 08:53 ../
drwx------@  3 user   96 Nov 15 08:54 data/
-rw-r--r--   1 user  244 Nov 15 08:49 docker-compose.yaml
➜  tree -d data
data
└── database
    ├── base
    │   ├── 1
    │   ├── 16384
    │   ├── 4
    │   └── 5
    ├── global
    ├── pg_commit_ts
    ├── pg_dynshmem
    ├── pg_logical
    │   ├── mappings
    │   └── snapshots
    ├── pg_multixact
    │   ├── members
    │   └── offsets
    ├── pg_notify
    ├── pg_replslot
    ├── pg_serial
    ├── pg_snapshots
    ├── pg_stat
    ├── pg_stat_tmp
    ├── pg_subtrans
    ├── pg_tblspc
    ├── pg_twophase
    ├── pg_wal
    │   └── archive_status
    └── pg_xact

28 directories
➜  docker exec -it colima-database-1 psql -U directus -c '\l'
                                                List of databases
   Name    |  Owner   | Encoding |  Collate   |   Ctype    | ICU Locale | Locale Provider |   Access privileges
-----------+----------+----------+------------+------------+------------+-----------------+-----------------------
 directus  | directus | UTF8     | en_US.utf8 | en_US.utf8 |            | libc            |
 postgres  | directus | UTF8     | en_US.utf8 | en_US.utf8 |            | libc            |
 template0 | directus | UTF8     | en_US.utf8 | en_US.utf8 |            | libc            | =c/directus          +
           |          |          |            |            |            |                 | directus=CTc/directus
 template1 | directus | UTF8     | en_US.utf8 | en_US.utf8 |            | libc            | =c/directus          +
           |          |          |            |            |            |                 | directus=CTc/directus
(4 rows)

darwin21.0
colima version 0.6.1
limactl version 0.18.0
x86_64

@97lele

97lele commented Nov 28, 2023

This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.

  1. Put this into your /Users/<username>/.lima/_config/override.yaml:
    mountType: 9p
    mounts:
      - location: "/Users/<username>"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: "~"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: /tmp/colima
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
  2. colima delete
  3. colima start --mount-type 9p

Versions:

  • MBP M1 MacOS Monterey (12.5)
  • lima 0.13.0
  • colima 0.4.6

It can't work with the path /Users/<username>/.lima/_config in my version,
then I chose another path /Users/<username>/.colima/_lima/_config and it works, for reference only

  • MBP M1 MacOS Monterey (12.4)
  • lima 0.18.0
  • colima 0.6.1

@jredbeard

This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.

  1. Put this into your /Users/<username>/.lima/_config/override.yaml:
    mountType: 9p
    mounts:
      - location: "/Users/<username>"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: "~"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: /tmp/colima
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
  2. colima delete
  3. colima start --mount-type 9p

Versions:

  • MBP M1 MacOS Monterey (12.5)
  • lima 0.13.0
  • colima 0.4.6

It can't work with the path /Users/<username>/.lima/_config in my version, then I chose another path /Users/<username>/.colima/_lima/_config and it works, for reference only

  • MBP M1 MacOS Monterey (12.4)
  • lima 0.18.0
  • colima 0.6.1

Also worked for me. Thanks!

@ishan123456789

ishan123456789 commented Jan 16, 2024

This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.

  1. Put this into your /Users/<username>/.lima/_config/override.yaml:
    mountType: 9p
    mounts:
      - location: "/Users/<username>"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: "~"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: /tmp/colima
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
  2. colima delete
  3. colima start --mount-type 9p

Versions:

  • MBP M1 MacOS Monterey (12.5)
  • lima 0.13.0
  • colima 0.4.6

It can't work with the path /Users/<username>/.lima/_config in my version, then I chose another path /Users/<username>/.colima/_lima/_config and it works, for reference only

  • MBP M1 MacOS Monterey (12.4)
  • lima 0.18.0
  • colima 0.6.1

This works but I had override.yaml defined at this path as well /Users/<username>/.lima/_config so make sure you delete this one before defining one at /Users/<username>/.colima/_lima/_config path else it won't allow colima to even start

@Rahim-Chan

This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.

  1. Put this into your /Users/<username>/.lima/_config/override.yaml:
    mountType: 9p
    mounts:
      - location: "/Users/<username>"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: "~"
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
      - location: /tmp/colima
        writable: true
        9p:
          securityModel: mapped-xattr
          cache: mmap
  2. colima delete
  3. colima start --mount-type 9p

Versions:

  • MBP M1 MacOS Monterey (12.5)
  • lima 0.13.0
  • colima 0.4.6

It can't work with the path /Users/<username>/.lima/_config in my version, then I chose another path /Users/<username>/.colima/_lima/_config and it works, for reference only

  • MBP M1 MacOS Monterey (12.4)
  • lima 0.18.0
  • colima 0.6.1

Also worked for me. Thanks!

This works

@Stokestack

Another popular software package that's afflicted by this: Supabase. Bug report here.

@ruslanvs

ruslanvs commented Aug 3, 2024

Yes! Changing the VM type to macOS Virtualization.Framework as recommended here worked for me:

# delete existing instance
colima delete 

# create new instance with vz
colima start --vm-type=vz

Another popular software package that's afflicted by this: Supabase. Bug report here.

@Stokestack thanks for this pointer!

@dimitarvp

dimitarvp commented Dec 10, 2024

I confirm that changing Colima's VM type worked for me without having to change anything else (so I did not do any of the steps contained in the highest upvoted comment much more above). Thanks @ruslanvs.
