Provider permission issue on restarting of container #11

Closed
browe-fs opened this issue Nov 17, 2017 · 3 comments
browe-fs commented Nov 17, 2017

The irods provider is failing to restart after the container has been removed when using named volumes. I have been able to work around this error with the bind mounts you originally presented. I wanted to bring this to your attention @mjstealey just in case anyone else is experiencing this when using named volumes. Here is the error code.

2017-11-16 17:13:55.550 UTC [48] FATAL: data directory "/var/lib/postgresql/data" has group or world access
2017-11-16 17:13:55.550 UTC [48] DETAIL: Permissions should be u=rwx (0700).

My OS is CentOS 7 Atomic Host.
Here are the commands I ran to produce the error.

  1. $ docker pull mjstealey/irods-provider-postgres:latest

  2. $ docker run -ti --name provider -h irods-provider -v var_irods:/var/lib/irods:z -v etc_irods:/etc/irods:z -v var_pgdata:/var/lib/postgresql/data:z mjstealey/irods-provider-postgres:latest -i run_irods

  3. $ docker stop provider

  4. $ docker rm provider

  5. $ docker run -ti --name provider -h irods-provider -v var_irods:/var/lib/irods:z -v etc_irods:/etc/irods:z -v var_pgdata:/var/lib/postgresql/data:z mjstealey/irods-provider-postgres:latest -x run_irods

Here is an example of a working command with bind mounts.

$ docker run -ti --name provider -h irods-provider -v /var/lib/docker/var_irods:/var/lib/irods:z -v /var/lib/docker/etc_irods:/etc/irods:z -v /var/lib/docker/var_pgdata:/var/lib/postgresql/data:z mjstealey/irods-provider-postgres:latest -i run_irods
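
The rule behind the FATAL message quoted in this report, written as an added example that is not part of the original issue or the project's code: PostgreSQL refuses a data directory whose mode grants any group or world access. The function names `pg_mode` and `check_pgdata_perms` are hypothetical.

```sh
#!/bin/sh
# Added example: test a directory against the rule in the PostgreSQL
# error above (no group or world access, i.e. mode 0700 or stricter).

# Print the octal permission bits of a path.
# GNU stat is tried first, BSD stat is the fallback.
pg_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if DIR passes, 1 if it has group/world bits,
# 2 if it is not a directory or cannot be inspected.
check_pgdata_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    mode=$(pg_mode "$dir") || return 2
    # Mask out everything except the group and other permission bits.
    extra=$(( 0$mode & 077 ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL $dir: mode $mode grants group or world access; PostgreSQL expects 0700" >&2
        return 1
    fi
    echo "OK   $dir: mode $mode"
}
```

To test a named volume such as `var_pgdata`, pass the path printed by `docker volume inspect --format '{{ .Mountpoint }}' var_pgdata`; reading that path normally requires root.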

mjstealey (Owner) commented

@browe-fs - Thank you for the information.

I suspect you're bumping up against SELinux enforcement as I do not observe this behavior on CentOS 7 without SELinux or on the macOS implementation of Docker. I'll look at spinning up an SELinux-enabled box on my end to do some testing.

I'd be curious if you could still get volume mounts working outside of /var/lib/docker/... by using the included UID and GID flags?

By default they are:

# UID / GID settings
ENV UID_POSTGRES=999
ENV GID_POSTGRES=999
ENV UID_IRODS=998
ENV GID_IRODS=998

These settings will be modified if you change them from the defaults.
The intent is to allow you to set the container's notion of UID and GID values to be the same as real users on your host system. In this way the data becomes natively permissioned to actual users on the host, and not some arbitrary Docker container user.

I allude to this by example in the real world usage section of the README file.

mjstealey self-assigned this Nov 17, 2017

browe-fs (Author) commented

@mjstealey - No problem! I successfully got the volume mounts to work with the default UID and GID outside of /var/lib/docker. I instead placed them in my user's folder at /home/browe/.... This also still worked when restarting the container.

mjstealey (Owner) commented

resolved
