Linux

Docker permissions for sssd.conf

  • April 15, 2018

I know it is very specific; that is just how sssd.conf is. But on COPY (or ADD) of sssd.conf I get the same error:

ERROR: Service 'samba_adc' failed to build: failed to copy files: failed to copy file: Error processing tar file(exit status 1): Error setting up pivot dir: mkdir /share/CACHEDEV1_DATA/virtual_machines/container-station-data/lib/docker/overlay/332546c2c487355deb45468b291abacce80701b04c6061575887eceb3858a6cd/merged/etc/sssd/conf.d/.pivot_root030453588: operation not permitted

Later, at run time, putting anything into the directory fails:

# echo "sssd was here" > /etc/sssd/foo
bash: /etc/sssd/foo: Operation not permitted

chmod fails on anything in the directory:

# chmod 755 /etc/sssd
chmod: changing permissions of '/etc/sssd': Operation not permitted

Putting a USER root before the command does nothing. This is Docker 17.07, so --chown=root is not possible.

Running lsattr/chattr does not help either:

# chattr -i /etc/sssd
chattr: Inappropriate ioctl for device while reading flags on /etc/sssd

Some other attempts to solve this:

# rmdir /etc/sssd
rmdir: failed to remove '/etc/sssd': Directory not empty

# su sssd
# echo "sssd was here" > /etc/sssd/foo
bash: /etc/sssd/foo: Operation not permitted

At this point I am confused, Google gives me nothing more, and I hope I have missed something. If you need my full sources, they are here (github)

Edit, adding information:

docker -D info

Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 59
Server Version: 17.07.0-ce
Storage Driver: overlay
Backing Filesystem: extfs
Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version:  (expected: 3addd840653146c90a254301d6c3a663c7fd6429)
runc version: N/A (expected: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4)
init version: 949e6fa
Kernel Version: 4.2.8
Operating System: QTS 4.3.4 (20180315)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.682GiB
Name: NAS
ID: CTVG:6D5G:WCK4:PXAX:GCYG:HPKN:25A2:N4AC:TRXT:ADAS:XTPB:DI2E
Docker Root Dir: /share/CACHEDEV1_DATA/virtual_machines/container-station-data/lib/docker
Debug Mode (client): true
Debug Mode (server): true
File Descriptors: 70
Goroutines: 80
System Time: 2018-03-28T11:11:47.511378666-07:00
EventsListeners: 1
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

WARNING: No kernel memory limit support

docker version

Client:
Version:       18.03.0-ce
API version:   1.31 (downgraded from 1.37)
Go version:    go1.9.4
Git commit:    0520e24
Built: Wed Mar 21 23:10:06 2018
OS/Arch:       linux/amd64
Experimental:  false
Orchestrator:  swarm

Server:
Engine:
 Version:      17.07.0-ce
 API version:  1.31 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   fd7dc00
 Built:        Thu Feb  8 15:57:38 2018
 OS/Arch:      linux/amd64
 Experimental: false

uname -r of the host

uname -r
4.2.8

It turns out the problem was with layers. In some circumstances, once a layer has been created, the permissions of files in that layer cannot be modified. (**Note:** I am not sure of the exact nature of which circumstances lead to being able to and which do not.) So, while nothing I did in any earlier layer would let me change the permissions, ownership, etc. of the particular files created in a past layer, if I do it within or before the layer, then something like touch <blahfile> && chmod 600 <blahfile> is perfectly feasible. As is (and my final solution):

apt install sssd <and other requirements> && chmod 755 /etc/sssd
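As an added example (not the asker's Dockerfile from the linked repository), this is the same-layer pattern the answer describes, written out in full. It assumes a Debian base image and the sssd package name; the staging path /tmp/sssd.conf and the install/rm steps are assumptions, not something the answer specifies. The point is that the directory is created, the config is placed in it and the modes are set inside one RUN instruction, so all of it lands in a single overlay layer instead of trying to change a directory that an earlier layer already owns.

```dockerfile
# Added example, not from the original question or answer.
# Assumed base image; adjust to the image actually in use.
FROM debian:stretch

# Pattern the answer reports as failing: the package creates /etc/sssd in
# one layer, and a later layer tries to change the mode of that directory.
#   RUN apt-get update && apt-get install -y sssd
#   RUN chmod 755 /etc/sssd          # reported: "Operation not permitted"

# Stage the config outside /etc/sssd first (assumed path); the COPY layer
# then never has to write into a directory created by another layer.
COPY sssd.conf /tmp/sssd.conf

# Pattern that worked for the author: create the directory and fix its
# permissions in the same RUN, so both happen in the same overlay layer.
# The config is placed with install(1) so that ownership (root) and mode
# (0600) are set atomically in that same layer; sssd expects its config to
# be root-owned and not readable by other users, since it may hold
# credentials for the directory service.
RUN apt-get update \
 && apt-get install -y --no-install-recommends sssd \
 && chmod 755 /etc/sssd \
 && install -m 0600 -o root -g root /tmp/sssd.conf /etc/sssd/sssd.conf \
 && rm -f /tmp/sssd.conf \
 && rm -rf /var/lib/apt/lists/*
```

If the build still fails on the COPY line itself, as in the error the question shows (a pivot_root directory under /etc/sssd/conf.d could not be created), moving the COPY to a path that no earlier layer created, as above, is the part that sidesteps it; the chmod ordering is what makes the later permission change succeed.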

The user you are using to perform the operation does not have write permission on the parent directory.

Source: https://serverfault.com/questions/905020