-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--tmpfs with --user works for the first time. Fails in subsequent container starts. #20437
Comments
/cc @rhatdan |
What are the permissions on the tmpfs on the second run? |
First run
Second
|
I would guess that since the directory does not exists on the first run docker creates it and mounts the loose permissions on top. But the underlying directory gets created as 755. Second run the directory exists and --tmpfs sees this and gets the permissions of the underlying directory. I guess the question is what is the correct behaviour. |
|
If you run this same test with /tmp or /var/tmp, I think it will work correctly. |
Yes, I run the same testcase with According to the feature highlight this option is supposed to help applications that need to write some temporary data. I would understand it should work with any location and together with |
Well it will work with any directory, the problem here is the directory did not exist in the image before running your command. Since the directory does not exist, there is no way to know which permissions should be applied to the tmpfs, I guess we could allow the specification of the perms on the volume
Or something like that. Or do we fail the --tmpfs command and say the underlying directory has to exist for tmpfs to be mounted. That would force you to build an image with /tmpfs in the image. I guess option two might be the better solution. |
I also liked the second option more given it's explicitly noted in the docs about the existence of location in the image and that is has the same permissions. I think it should explode as well -- otherwise somebody might be tempted to use it like I did and it seemed to work. |
Actually option #1 is available now.
Except it requires more thinking on the users part. |
Thank you. That's great to know, did you find a documentation on it or just found that out by reading the code? I still think the first case needs to be made consistent. |
I wrote the code, but forgot that we pass the mount options after the ":" Part of my patch never got in though, so I might be opening a pull request for it later. I have to investigate the best way to handle the missing directory problem. In docker any missing directory that gets volume mounted on, gets 755 as its permissions. |
Is docker using the permissions mount options of tmpfs after start a container? I think the expected and correct behavior should be that tmpfs should always honor the mount options permissions. |
I'm running into the same issue right now. |
same issue here Trying to run a plexinc/pms-docker container but use tmpfs for /transcode directory to speedup transcoding process on slow HD, and don't wear out ssd, but non of the method above did mount the directory with permissions that allow plex to write after a restart. To mitigate problem I need to:
What doesn't work:--tmpfs /transcode:mode=1777 always results right after run: Docker version 18.06.1-ce, build e68fc7a215 What does work:--tmpfs /transcode:uid=1000,gid=1000 uid/gid only affect directory after container restart $ docker exec -it plex ls -lah /transcode; docker restart plex; docker exec -it plex ls -lah /transcode; |
Signed-off-by: Matt Hamilton <m@tthamilton.com> Co-authored-by: Nico Berlee <nico.berlee@on2it.net>
Ola |
I'm trying to run busybox container with
--tmpfs
and-u
set. After starting the container the first time I can write to tmpfs volume, after stopping it and starting the second time it fails with permission denied.I'm running Fedora 23
To reproduce
Expected result: I can consistently write to tmpfs with several container restarts
Actual results: I can only write to tempfs on the first container start, I need to remove and recreate container
The text was updated successfully, but these errors were encountered: