New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WSL2] Permissions problem with mounted windows volume #4824
Comments
I have even tried granting full control to |
Same problem. Have you resolved this issue? |
I'm having the similar behavior with a Jekyll container where the I started the container from
Running the same Docker command from WSL with the WSL Docker daemon running, ends up working fine and the file permissions are 744 so it seems to have some kind of issue when running the Docker commands from |
I think it is because of the way WSL handles permission mappings when mounting windows files. |
I have Same problem. |
same problem when I was running wsl 2 kernel of Docker for Windows ( Docker Desktop Community 2.2.0.0 42247 ), Windows 10 19041.21. |
I'm suffering the same. Windows 19541, docker desktop 2.1.7.0 edge. |
It seems like there should be a fairly simple fix here, which would be to add the |
Mounting files from "normal" Windows file system into WSL/Docker is the main reason for me to actually use WSL. Otherwise, I could use a linux VM with Hyper-V. I/O performance and compatibility (ownership, permissions) have always been the development bottleneck, either from folder shares, SMB, NFS, etc. |
With the arrival of 2.2.3 this morning, and the imminent default of WSL2 for everyone in (I think) June, I figured I'd better start working at least on a hack for this. It turns out my idea does seem to work. You can do something like this (
This seems to fix some of my issues. It is sadly, quite slow - not sure if that's because of the metadata flag. |
It is mainly slow because mounting files from Windows is very slow, compared to mountings files living in a wsl distro. The prefered workflow is to use docker from your distro of choice and store bind mount sources (source code, database data etc.) from this distro file system instead of from Windows. If you use vs code, you can even use "Remote to WSL" extension to run vs code server within WSL and the UI on Windows. |
Just to clarify @davclark 's workaround, Understandable that the file mounts to Windows are slow. The team at Microsoft noted as much for the jump from WSL1 to WSL2, and that it is an area they are working on. Even without Docker in the mix, IO that crosses the WSL2 VM boundary is slow. |
Thank you @simonferquel and @Silic0nS0ldier for clarifying about file performance. Bummer! IO performance was THE big thing I was hoping for with WSL2. I suppose mounting from another WSL2 filesystem has better performance?
I've experimented with this, and it works. At Gigantum, we have an Electron GUI that manages docker for you - it's running on the Windows host, and communicates with docker using the named pipe (npipe). Is there any way to specify a mount in a wsl distro in this scenario?
Unfortunately, many of our users are not developers, per se - they may often be researchers who have just learned a bit of Python or R. So, I also worry about file access for this kind of user: "smart, but not a developer". Anyway, this is all getting a bit far afield of the initial issue, but I wanted to clarify that the needs here can extend beyond your normative developer use case! |
Mounting from another WSL2 distro filesystem has the best performance profile (+ permission, inotify, etc).
We agree that user education is an issue there. We will try our best to bring docs, guidance etc. to get the most of Docker Desktop and WSL 2 in the future. |
Is this new issue related (WSL 1 though)?: #6209 |
I saw that #6284 was closed. Should that also address this issue? While I'm here: @simonferquel I have to say that you are quickly becoming my favorite Docker programmer. Specifically, I admire the professionalism you exhibited in that issue! |
As to my knowledge, docker for win always mounts outside folders with 755 root:root permissions, hence many programs, especially those that run outside of root context break. Has that changed with WSL2? |
Mounting a directory from a WSL2 distro keeps the mode/owner untouched (like it does on Linux). |
@simonferquel I am experiencing something different. given this
if attach to the container and check the permission of the backup and data folder, they are still root using the |
@mhamri note that your dockerfile is executed while building the container image. However, if at runtime you mount a volume in there, the permissions set on the mount source overrides the mountpoint permissions. If you are using a bind mount (mounting a wsl dir there), you need to do the chmod 0666 on your directories before mounting them. If you are using a named volume, you should initialize it using a temporary container (like |
@simonferquel you are right. but I see a behavior different in here. before WSL2 the previous docker file doesn't fail. but in WSL2 it fails. so thinking more about your comment I thought the problem should be that the folder doesn't exist in first place so the mapped folder in volumes should be created with default root permission. so I changed the build script to this
and it works. |
That is because when mounting files/directories from windows which have a different permission semantic, we expose everything to Linux as 777, and let Windows enforce permissions (if your windows account does not have sufficient rights, Linux will still try to open the file, but Windows will report an access denied error) |
Issues go stale after 90 days of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Starting official
mysql
container with empty data directory (/var/lib/mysql
) mounted from windows folder should initialize db without error.Actual behavior
Container fails to start with
[ERROR] [MY-010295] [Server] Could not set file permission for ca.pem
during db initialization.Information
Steps to reproduce the behavior
Having empty directory
c:\tmp\mysql
:The text was updated successfully, but these errors were encountered: