Set permissions on log folder

[KristofMorva]

Fixes #146

Currently no permissions are set for MySQL's log folder, resulting in an error. The primary obstacle fixing it is, that we can't solve it with _get_config, because log-error returns stderr instead of the actual folder. One solution could be to use the mysqladmin variables command, but it requires a root login, which doesn't seem too comfortable.
For this patch I have chosen a lighter solution without any impact on current set-ups: very simply, the log folder can be passed as an environment variable, the same way as MYSQL_ROOT_PASSWORD and the other variables (if not set, we'll use var/log/mysql, because it's the default).

If requested, I can work on improving the solution by querying the log folder with mysqladmin. I'm not sure if we can always count on getting the root credentials, or if executing this command has any side effect, like a log entry, affecting currently running admin sessions, or anything.

[tianon]

I'm personally -1 on this, especially since we explicitly disable the logging directory in this image, and even more -1 on adding another environment variable that only triggers a chown (not passed to or used by MySQL in any way).

IMO if this is an issue (do we have a simple reproducer?), we should simply adjust the permissions on the directory in question in the Dockerfile itself and leave it at that.

[KristofMorva]

@tianon the problem occurs, if you try to make a volume for the log folder, which is probably quite a normal scenario, as you want to have the SQL persisted for any type of debugging (ref the issue tagged).
It involves, setting permission in the Dockerfile won't fix anything. Also, there are already environment variables, which are only used while starting up the image, like credentials.
Certainly I'm open to ideas for solving it without an environment variable if you have one.

[tianon]

I can't seem to replicate the failure described:

$ docker run -it --rm -v /var/log/mysql -e MYSQL_RANDOM_ROOT_PASSWORD=1 mysql:5.7
Initializing database
2017-12-21T20:38:09.770474Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-12-21T20:38:10.062904Z 0 [Warning] InnoDB: New log files created, LSN=45790
2017-12-21T20:38:10.119236Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2017-12-21T20:38:10.175738Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: db943593-e68e-11e7-be73-0242ac120013.
2017-12-21T20:38:10.176967Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2017-12-21T20:38:10.177261Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2017-12-21T20:38:10.697471Z 1 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697493Z 1 [Warning] 'user' entry 'mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697497Z 1 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697504Z 1 [Warning] 'db' entry 'performance_schema mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697506Z 1 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697512Z 1 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697529Z 1 [Warning] 'tables_priv' entry 'user mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:10.697539Z 1 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
Database initialized
Initializing certificates
Generating a 2048 bit RSA private key
...........................................+++
................+++
unable to write 'random state'
writing new private key to 'ca-key.pem'
-----
Generating a 2048 bit RSA private key
........+++
.....+++
unable to write 'random state'
writing new private key to 'server-key.pem'
-----
Generating a 2048 bit RSA private key
.......+++
...+++
unable to write 'random state'
writing new private key to 'client-key.pem'
-----
Certificates initialized
MySQL init process in progress...
2017-12-21T20:38:13.101986Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-12-21T20:38:13.102390Z 0 [Note] mysqld (mysqld 5.7.20) starting as process 91 ...
2017-12-21T20:38:13.104138Z 0 [Note] InnoDB: PUNCH HOLE support available
2017-12-21T20:38:13.104156Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2017-12-21T20:38:13.104158Z 0 [Note] InnoDB: Uses event mutexes
2017-12-21T20:38:13.104160Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2017-12-21T20:38:13.104161Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.3
2017-12-21T20:38:13.104163Z 0 [Note] InnoDB: Using Linux native AIO
2017-12-21T20:38:13.104288Z 0 [Note] InnoDB: Number of pools: 1
2017-12-21T20:38:13.104411Z 0 [Note] InnoDB: Using CPU crc32 instructions
2017-12-21T20:38:13.105188Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2017-12-21T20:38:13.108640Z 0 [Note] InnoDB: Completed initialization of buffer pool
2017-12-21T20:38:13.109607Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2017-12-21T20:38:13.120739Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2017-12-21T20:38:13.125247Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2017-12-21T20:38:13.125279Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2017-12-21T20:38:13.152245Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2017-12-21T20:38:13.152704Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2017-12-21T20:38:13.152711Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2017-12-21T20:38:13.153152Z 0 [Note] InnoDB: Waiting for purge to start
2017-12-21T20:38:13.203359Z 0 [Note] InnoDB: 5.7.20 started; log sequence number 2565377
2017-12-21T20:38:13.203980Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2017-12-21T20:38:13.204146Z 0 [Note] Plugin 'FEDERATED' is disabled.
2017-12-21T20:38:13.206892Z 0 [Note] InnoDB: Buffer pool(s) load completed at 171221 20:38:13
2017-12-21T20:38:13.212365Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
2017-12-21T20:38:13.212798Z 0 [Warning] CA certificate ca.pem is self signed.
2017-12-21T20:38:13.222113Z 0 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.222176Z 0 [Warning] 'user' entry 'mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.222202Z 0 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.222236Z 0 [Warning] 'db' entry 'performance_schema mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.222250Z 0 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.222269Z 0 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.224302Z 0 [Warning] 'tables_priv' entry 'user mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.224327Z 0 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:13.232434Z 0 [Note] Event Scheduler: Loaded 0 events
2017-12-21T20:38:13.232744Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server (GPL)
2017-12-21T20:38:13.232796Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2017-12-21T20:38:13.232807Z 0 [Note] Beginning of list of non-natively partitioned tables
2017-12-21T20:38:13.243855Z 0 [Note] End of list of non-natively partitioned tables
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
GENERATED ROOT PASSWORD: ooshoh2paixooye8lighaeti1ZaiQuet
2017-12-21T20:38:14.986784Z 5 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986800Z 5 [Warning] 'user' entry 'mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986805Z 5 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986815Z 5 [Warning] 'db' entry 'performance_schema mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986819Z 5 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986826Z 5 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986841Z 5 [Warning] 'tables_priv' entry 'user mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:14.986846Z 5 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.

2017-12-21T20:38:14.987541Z 0 [Note] Giving 0 client threads a chance to die gracefully
2017-12-21T20:38:14.987551Z 0 [Note] Shutting down slave threads
2017-12-21T20:38:14.987553Z 0 [Note] Forcefully disconnecting 0 remaining clients
2017-12-21T20:38:14.987556Z 0 [Note] Event Scheduler: Purging the queue. 0 events
2017-12-21T20:38:14.987572Z 0 [Note] Binlog end
2017-12-21T20:38:14.987961Z 0 [Note] Shutting down plugin 'ngram'
2017-12-21T20:38:14.987965Z 0 [Note] Shutting down plugin 'BLACKHOLE'
2017-12-21T20:38:14.987967Z 0 [Note] Shutting down plugin 'partition'
2017-12-21T20:38:14.987970Z 0 [Note] Shutting down plugin 'ARCHIVE'
2017-12-21T20:38:14.987972Z 0 [Note] Shutting down plugin 'INNODB_SYS_VIRTUAL'
2017-12-21T20:38:14.987975Z 0 [Note] Shutting down plugin 'INNODB_SYS_DATAFILES'
2017-12-21T20:38:14.987977Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESPACES'
2017-12-21T20:38:14.987979Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN_COLS'
2017-12-21T20:38:14.987981Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN'
2017-12-21T20:38:14.987983Z 0 [Note] Shutting down plugin 'INNODB_SYS_FIELDS'
2017-12-21T20:38:14.987985Z 0 [Note] Shutting down plugin 'INNODB_SYS_COLUMNS'
2017-12-21T20:38:14.987987Z 0 [Note] Shutting down plugin 'INNODB_SYS_INDEXES'
2017-12-21T20:38:14.987989Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESTATS'
2017-12-21T20:38:14.987991Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLES'
2017-12-21T20:38:14.987994Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_TABLE'
2017-12-21T20:38:14.987996Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_CACHE'
2017-12-21T20:38:14.987998Z 0 [Note] Shutting down plugin 'INNODB_FT_CONFIG'
2017-12-21T20:38:14.988000Z 0 [Note] Shutting down plugin 'INNODB_FT_BEING_DELETED'
2017-12-21T20:38:14.988002Z 0 [Note] Shutting down plugin 'INNODB_FT_DELETED'
2017-12-21T20:38:14.988004Z 0 [Note] Shutting down plugin 'INNODB_FT_DEFAULT_STOPWORD'
2017-12-21T20:38:14.988006Z 0 [Note] Shutting down plugin 'INNODB_METRICS'
2017-12-21T20:38:14.988008Z 0 [Note] Shutting down plugin 'INNODB_TEMP_TABLE_INFO'
2017-12-21T20:38:14.988011Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_POOL_STATS'
2017-12-21T20:38:14.988013Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE_LRU'
2017-12-21T20:38:14.988015Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE'
2017-12-21T20:38:14.988017Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX_RESET'
2017-12-21T20:38:14.988019Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX'
2017-12-21T20:38:14.988021Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM_RESET'
2017-12-21T20:38:14.988024Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM'
2017-12-21T20:38:14.988026Z 0 [Note] Shutting down plugin 'INNODB_CMP_RESET'
2017-12-21T20:38:14.988029Z 0 [Note] Shutting down plugin 'INNODB_CMP'
2017-12-21T20:38:14.988031Z 0 [Note] Shutting down plugin 'INNODB_LOCK_WAITS'
2017-12-21T20:38:14.988033Z 0 [Note] Shutting down plugin 'INNODB_LOCKS'
2017-12-21T20:38:14.988035Z 0 [Note] Shutting down plugin 'INNODB_TRX'
2017-12-21T20:38:14.988036Z 0 [Note] Shutting down plugin 'InnoDB'
2017-12-21T20:38:14.988094Z 0 [Note] InnoDB: FTS optimize thread exiting.
2017-12-21T20:38:14.988131Z 0 [Note] InnoDB: Starting shutdown...
2017-12-21T20:38:15.088355Z 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2017-12-21T20:38:15.089019Z 0 [Note] InnoDB: Buffer pool(s) dump completed at 171221 20:38:15
2017-12-21T20:38:16.104623Z 0 [Note] InnoDB: Shutdown completed; log sequence number 12156659
2017-12-21T20:38:16.110552Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2017-12-21T20:38:16.110597Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2017-12-21T20:38:16.110610Z 0 [Note] Shutting down plugin 'MyISAM'
2017-12-21T20:38:16.110628Z 0 [Note] Shutting down plugin 'CSV'
2017-12-21T20:38:16.110638Z 0 [Note] Shutting down plugin 'MEMORY'
2017-12-21T20:38:16.110648Z 0 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2017-12-21T20:38:16.110693Z 0 [Note] Shutting down plugin 'sha256_password'
2017-12-21T20:38:16.110701Z 0 [Note] Shutting down plugin 'mysql_native_password'
2017-12-21T20:38:16.111012Z 0 [Note] Shutting down plugin 'binlog'
2017-12-21T20:38:16.112013Z 0 [Note] mysqld: Shutdown complete


MySQL init process done. Ready for start up.

2017-12-21T20:38:16.312502Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-12-21T20:38:16.313282Z 0 [Note] mysqld (mysqld 5.7.20) starting as process 1 ...
2017-12-21T20:38:16.315383Z 0 [Note] InnoDB: PUNCH HOLE support available
2017-12-21T20:38:16.315423Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2017-12-21T20:38:16.315428Z 0 [Note] InnoDB: Uses event mutexes
2017-12-21T20:38:16.315432Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2017-12-21T20:38:16.315436Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.3
2017-12-21T20:38:16.315439Z 0 [Note] InnoDB: Using Linux native AIO
2017-12-21T20:38:16.315781Z 0 [Note] InnoDB: Number of pools: 1
2017-12-21T20:38:16.315932Z 0 [Note] InnoDB: Using CPU crc32 instructions
2017-12-21T20:38:16.317425Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2017-12-21T20:38:16.321760Z 0 [Note] InnoDB: Completed initialization of buffer pool
2017-12-21T20:38:16.322531Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2017-12-21T20:38:16.334118Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2017-12-21T20:38:16.338482Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2017-12-21T20:38:16.338521Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2017-12-21T20:38:16.365032Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2017-12-21T20:38:16.367145Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2017-12-21T20:38:16.367176Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2017-12-21T20:38:16.368329Z 0 [Note] InnoDB: 5.7.20 started; log sequence number 12156659
2017-12-21T20:38:16.368523Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2017-12-21T20:38:16.368871Z 0 [Note] Plugin 'FEDERATED' is disabled.
2017-12-21T20:38:16.373806Z 0 [Note] InnoDB: Buffer pool(s) load completed at 171221 20:38:16
2017-12-21T20:38:16.376756Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
2017-12-21T20:38:16.377179Z 0 [Warning] CA certificate ca.pem is self signed.
2017-12-21T20:38:16.381263Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2017-12-21T20:38:16.381323Z 0 [Note] IPv6 is available.
2017-12-21T20:38:16.381341Z 0 [Note]   - '::' resolves to '::';
2017-12-21T20:38:16.381377Z 0 [Note] Server socket created on IP: '::'.
2017-12-21T20:38:16.385742Z 0 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.385810Z 0 [Warning] 'user' entry 'mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.385837Z 0 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.385882Z 0 [Warning] 'db' entry 'performance_schema mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.385895Z 0 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.385915Z 0 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.391399Z 0 [Warning] 'tables_priv' entry 'user mysql.session@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.391440Z 0 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
2017-12-21T20:38:16.399121Z 0 [Note] Event Scheduler: Loaded 0 events
2017-12-21T20:38:16.399346Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2017-12-21T20:38:16.399403Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2017-12-21T20:38:16.399413Z 0 [Note] Beginning of list of non-natively partitioned tables
2017-12-21T20:38:16.409902Z 0 [Note] End of list of non-natively partitioned tables

[KristofMorva]

@tianon Try it like this: start the container, the folder is created. Stop it, change folder permissions, and start the container again. Theoretically, MySQL shouldn't be able to access the folder anymore. It's an issue for example in some CI/CD environments (GitLab for sure), where permissions are reseted occasionally.

[tianon]

Even then I can't reproduce -- I did a chown -R 1000:1000 /var/log/mysql then restarted the container and MySQL is still running happily.

[KristofMorva]

@tianon thanks for checking it out, if I get back to work, I'll test which scenario breaks. If I remember right, for me GitLab always changed the repo owner back to root on the host, so in the container mysql couldn't access the folder (that's why the lib folder permissions are already set, to make sure MySQL can access it, whatever the host permissions are).

[tianon]

That'd be great -- having a way to reliably reproduce this would help immensely for deciding what the solution ought to be. 👍 ❤️

[KristofMorva]

@tianon I could reproduce it this way:

• On Ubuntu, start the container with a volume for the log folder
• The folder is created, it runs, awesomeness
• Stop the container
• Set root:root as the owner of the log folder on the host (-R)
• Start up the container
• It should hung on the Attaching... stage forever
• If you try the same with the updated entry point, it shouldn't stuck anymore

It might also be OS configuration and permission setting dependent, but on my server I could break it this way.

[tianon]

Still not able to reproduce: 😞

$ docker pull mysql:5.7
5.7: Pulling from library/mysql
Digest: sha256:1f95a2ba07ea2ee2800ec8ce3b5370ed4754b0a71d9d11c0c35c934e9708dcf1
Status: Image is up to date for mysql:5.7

$ docker volume create mysql-log-data
mysql-log-data

$ docker run -dit --name mysql -e MYSQL_ROOT_PASSWORD=xxxxxx -v mysql-log-data:/var/log/mysql mysql:5.7
1b71697f3e8be307830104c8dede9622158de9a25f3ddbf887877d31b779fa88

$ docker logs --tail=6 mysql
2018-01-04T18:00:03.460763Z 0 [Note] Event Scheduler: Loaded 0 events
2018-01-04T18:00:03.461005Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2018-01-04T18:00:03.461032Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2018-01-04T18:00:03.461040Z 0 [Note] Beginning of list of non-natively partitioned tables
2018-01-04T18:00:03.469653Z 0 [Note] End of list of non-natively partitioned tables

$ docker stop mysql
mysql

$ docker run -it --rm -v mysql-log-data:/log-data bash
bash-4.4# ls -l /log-data
total 12
-rw-r-----    1 999      adm           8834 Dec 12 02:24 error.log
bash-4.4# chown -R root:root /log-data
bash-4.4# ls -l /log-data
total 12
-rw-r-----    1 root     root          8834 Dec 12 02:24 error.log
bash-4.4# exit

$ docker start mysql
mysql

$ docker logs --tail=6 mysql
2018-01-04T18:01:00.827728Z 0 [Note] Event Scheduler: Loaded 0 events
2018-01-04T18:01:00.828106Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2018-01-04T18:01:00.828147Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2018-01-04T18:01:00.828161Z 0 [Note] Beginning of list of non-natively partitioned tables
2018-01-04T18:01:00.849083Z 0 [Note] End of list of non-natively partitioned tables

[KristofMorva]

@tianon thanks for checking it out.
You need to set the permission to root on the host, not inside the container. The goal is to make the container not to be able to access the folder.

[tianon]

What I did is equivalent to that, but just to be fully clear that I still cannot reproduce as described:

$ docker pull mysql:5.7
5.7: Pulling from library/mysql
Digest: sha256:1f95a2ba07ea2ee2800ec8ce3b5370ed4754b0a71d9d11c0c35c934e9708dcf1
Status: Image is up to date for mysql:5.7

$ mkdir mysql-log-data

$ docker run -dit --name mysql -e MYSQL_ROOT_PASSWORD=xxxxxx -v "$PWD/mysql-log-data":/var/log/mysql mysql:5.7
4dc317f3bddea8fdacc884241f2ee57dcef58e568787bff361ca7988eaf6050c

$ docker logs --tail=6 mysql
2018-01-05T18:21:29.059325Z 0 [Note] Event Scheduler: Loaded 0 events
2018-01-05T18:21:29.059495Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2018-01-05T18:21:29.059513Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2018-01-05T18:21:29.059518Z 0 [Note] Beginning of list of non-natively partitioned tables
2018-01-05T18:21:29.066462Z 0 [Note] End of list of non-natively partitioned tables

$ docker stop mysql
mysql

$ sudo chown -vR root:root mysql-log-data
changed ownership of 'mysql-log-data' from tianon:tianon to root:root

$ docker start mysql
mysql

$ docker logs --tail=6 mysql
2018-01-05T18:23:32.064289Z 0 [Note] Event Scheduler: Loaded 0 events
2018-01-05T18:23:32.064624Z 0 [Note] mysqld: ready for connections.
Version: '5.7.20'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2018-01-05T18:23:32.064651Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
2018-01-05T18:23:32.064658Z 0 [Note] Beginning of list of non-natively partitioned tables
2018-01-05T18:23:32.075327Z 0 [Note] End of list of non-natively partitioned tables

[KristofMorva]

@tianon And logging is enabled, right? (I don't remember the default setting)

For the reference, here are my Compose volumes:

volumes:
    - ./storage/docker/db:/var/lib/mysql
    - ./storage/docker/logs/mysql:/var/log/mysql
    - ./docker/db/mysqld.${APP_ENV}.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf

And the config file for logging:

[mysqld]
user=mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log-error = /var/log/mysql/error.log
symbolic-links = 0

# Slow Query Log
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 1
log_queries_not_using_indexes = 1

I'm not sure what differences might there be between our systems :/

[tianon]

Nope, that'd be exactly the difference -- you've specifically asked mysqld to put a file into /var/log/mysql, where by default it does not:

root@18b61c4b5bff:/# mysqld --verbose --help | grep ^log-error
log-error                                                    stderr
log-error-verbosity                                          1

Given that configuration (and docker-compose), I'd recommend using something like the following:

        command:
            - bash
            - '-ec'
            - |
                mkdir -p /var/log/mysql
                chown -R mysql:mysql /var/log/mysql
                exec docker-entrypoint.sh mysqld

[yosifkit]

Agree with @tianon; since you are using a custom log dir, this is not an issue that needs to be solved generally in the image.