Linux

docker permissions for sssd.conf
I know it is very picky; that's just the way `sssd.conf` is. But on a `COPY` (or `ADD`) of `sssd.conf` I get the same error:

```
ERROR: Service 'samba_adc' failed to build: failed to copy files: failed to copy file: Error processing tar file(exit status 1): Error setting up pivot dir: mkdir /share/CACHEDEV1_DATA/virtual_machines/container-station-data/lib/docker/overlay/332546c2c487355deb45468b291abacce80701b04c6061575887eceb3858a6cd/merged/etc/sssd/conf.d/.pivot_root030453588: operation not permitted
```
Later, at runtime, putting anything into the directory fails:

```
# echo "sssd was here" > /etc/sssd/foo
bash: /etc/sssd/foo: Operation not permitted
```

`chmod` on anything in the directory fails as well:

```
# chmod 755 /etc/sssd
chmod: changing permissions of '/etc/sssd': Operation not permitted
```
Putting a `USER root` before the command does nothing. This is docker 17.07, so `--chown=root` is not possible. Running `lsattr`/`chattr` doesn't help either:

```
# chattr -i /etc/sssd
chattr: Inappropriate ioctl for device while reading flags on /etc/sssd
```
Some other attempts at fixing this:

```
# rmdir /etc/sssd
rmdir: failed to remove '/etc/sssd': Directory not empty
# su sssd
# echo "sssd was here" > /etc/sssd/foo
bash: /etc/sssd/foo: Operation not permitted
```

At this point I'm stumped, Google isn't giving me anything more, and I hope I'm missing something. If you need my full sources, they are here (github).
Edit, adding info:

`docker -D info`

```
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 59
Server Version: 17.07.0-ce
Storage Driver: overlay
 Backing Filesystem: extfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version:  (expected: 3addd840653146c90a254301d6c3a663c7fd6429)
runc version: N/A (expected: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4)
init version: 949e6fa
Kernel Version: 4.2.8
Operating System: QTS 4.3.4 (20180315)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.682GiB
Name: NAS
ID: CTVG:6D5G:WCK4:PXAX:GCYG:HPKN:25A2:N4AC:TRXT:ADAS:XTPB:DI2E
Docker Root Dir: /share/CACHEDEV1_DATA/virtual_machines/container-station-data/lib/docker
Debug Mode (client): true
Debug Mode (server): true
 File Descriptors: 70
 Goroutines: 80
 System Time: 2018-03-28T11:11:47.511378666-07:00
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No kernel memory limit support
```

`docker version`

```
Client:
 Version:      18.03.0-ce
 API version:  1.31 (downgraded from 1.37)
 Go version:   go1.9.4
 Git commit:   0520e24
 Built:        Wed Mar 21 23:10:06 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      17.07.0-ce
  API version:  1.31 (minimum version 1.12)
  Go version:   go1.8.3
  Git commit:   fd7dc00
  Built:        Thu Feb 8 15:57:38 2018
  OS/Arch:      linux/amd64
  Experimental: false
```

The host's `uname -r`:

```
# uname -r
4.2.8
```
It turns out the problem lies with layers. In some cases, once a layer has been created, the permissions of that layer's files cannot be modified. (**Note:** I'm not sure of the exact nature of which circumstances lead to being able to and which do not.) So while nothing I did in any previous layer would let me change the permissions, ownership, etc. of a particular file created in a past layer, if I do it within the layer (or before it), then something like

```
touch <blahfile> && chmod 600 <blahfile>
```

is perfectly doable. As is (and my final solution):

```
apt install sssd <and other requirements> && chmod 755 /etc/sssd
```
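As an added illustration (not part of the original answer or the asker's repository), here is a Dockerfile sketch contrasting the layer ordering that failed on this host with the ordering the answer settled on; the base image, the package list and the staging path are assumptions.

```dockerfile
# Added example, not from the original post. Base image, package names
# and the /tmp staging path are assumptions; only the layer ordering
# matters here.
FROM debian:stretch

# Ordering that failed on the asker's host (overlay driver, kernel 4.2.8):
# the package install creates /etc/sssd in one layer, and a separate
# later layer tries to change that directory's mode. That second step
# is what produced "Operation not permitted".
#
#   RUN apt-get update && apt-get install -y sssd
#   RUN chmod 755 /etc/sssd

# Ordering from the answer: create the directory and set its mode inside
# the same layer, i.e. the same RUN instruction.
RUN apt-get update && apt-get install -y sssd \
 && chmod 755 /etc/sssd

# sssd expects its config to be root-owned and mode 0600. Docker 17.07
# has no COPY --chown, so the file is staged and then placed with its
# final mode in the layer that creates it, following the answer's
# "create it and chmod it in the same layer" pattern (install -m is an
# assumption; touch && chmod would do the same).
COPY sssd.conf /tmp/sssd.conf
RUN install -o root -g root -m 600 /tmp/sssd.conf /etc/sssd/sssd.conf \
 && rm -f /tmp/sssd.conf
```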
The user you are performing the operation as does not have write permission on the parent directory.