问题
I need your help to understand my problem.
I updated my macintosh with Catalina last week, then i updated docker for mac.
Since those updates, i have ownership issues on shared volumes.
I can reproduce with a small example. I just create a small docker-compose which build a nginx container. I have a folder src with a PHP file like this "src/index.php".
I build the container and start it. Then i go to /app/www/mysrc (shared volume) and tape "ls -la" to check if the index.php is OK and i get :
ls: cannot open directory '.': Operation not permitted
Here is a simple docker-compose file : docker-compose.yml :
version: "3"
services:
test-nginx:
restart: always
image: 'nginx:1.17.3'
ports:
- "8082:80"
volumes:
- ./src:/app/www/mysrc
When i build and start the container, i get :
$ docker-compose exec test-nginx sh
# cd /app/www
# ls -la
total 8
drwxr-xr-x 3 root root 4096 Oct 21 07:58 .
drwxr-xr-x 3 root root 4096 Oct 21 07:58 ..
drwxr-xr-x 3 root root 96 Oct 21 07:51 mysrc
# cd mysrc
# ls -la
ls: cannot open directory '.': Operation not permitted
# whoami
root
So, my nginx server is down because nginx can't access to the source files.
Thanks for your help.
回答1:
If it was working prior to the update to Catalina, the issue is due to the new permissions requested by Catalina.
Now, macOS requests permissions for everything, even for accessing a directory. So, probably you had a notification about granting Docker for Mac permission to access the shared folder, you didn't grant it, and now you are facing the outcome of such action.
To grant privileges now, go to System preferences > Security & Privacy > Files and Folders, and add Docker for Mac and your shared directory.
来源:https://stackoverflow.com/questions/58482352/operation-not-permitted-from-docker-container-logged-as-root