Closed mortya closed 5 years ago
@mortya I tried to reproduce this by running docker daemon under a remapped root (--userns-remap=smahajan)
[root@localhost docker-lvm-plugin]# cat /etc/subuid
smahajan:120000:65536
[root@localhost docker-lvm-plugin]# cat /etc/subuid
smahajan:120000:65536
The problem is docker-lvm-plugin is running as root and its graph directory (/var/lib/docker-lvm-plugin) is owned by root:root. When you launch the container, it will run as remapped root (120000) {non-root} and does not have the permission to mount a root path into the container rootfs.
Correct solution would be when docker-lvm-plugin starts (restarts), it should query docker daemon to check if the daemon is running under a remapped root, and chown its own root (graph) directory to remapped root.
I don't like the idea of adding a dependency to docker daemon, to be able to start the plugin. Since if we add this, docker daemon should be running when the plugin starts so it can query the daemon.
We can get around this situation by:
1) chown 120000:120000 /var/lib/docker-lvm-plugin
2) chmod 755 /var/lib/docker-lvm-plugin (As suggested by you).
I prefer (1) since that's the remapped user the container is running under. Also (2) makes /var/lib/docker-lvm-plugin world executable. I'll leave it up to you, which one you wanna choose.
Closing it in favor of workaround for now. If more people start facing this issue, we can think of addressing it in the code.
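A read-only check for workaround (1), added here as an example that is not part of the thread or of docker-lvm-plugin: it looks up the remapped root's UID and GID in /etc/subuid and /etc/subgid and prints the chown the graph directory needs. The function names and script name are made up for this example, and it assumes the daemon was started with --userns-remap=<name> and that GNU stat is available.

```shell
#!/bin/sh
# Added example, not docker-lvm-plugin code. Assumes dockerd runs with
# --userns-remap=<name> and that GNU stat is available.

# Print the first subordinate ID of NAME from a subuid/subgid-format FILE
# (name:start:count per line); container root maps to that ID.
# Exit status 1 when NAME has no usable entry.
first_subid() {
    awk -F: -v name="$2" '
        $1 == name && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            print $2; found = 1; exit
        }
        END { exit !found }' "$1"
}

# Compare DIR ownership with UID:GID. Prints "ok" or the chown command from
# workaround (1). Read-only: nothing is changed.
check_graph_dir() {
    want="$2:$3"
    have=$(stat -c '%u:%g' "$1") || return 2
    if [ "$have" = "$want" ]; then
        echo "ok"
    else
        echo "chown $want $1"
    fi
}

# Usage: sh check-remap.sh <remap-user> [graph-dir]
if [ $# -ge 1 ]; then
    uid=$(first_subid /etc/subuid "$1") &&
        gid=$(first_subid /etc/subgid "$1") ||
        { echo "no subuid/subgid range for $1" >&2; exit 1; }
    check_graph_dir "${2:-/var/lib/docker-lvm-plugin}" "$uid" "$gid"
fi
```

Run it with the name given to --userns-remap; it only reports, so the printed chown still has to be applied by hand.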
I have docker configured with userns-remap. With default permissions, docker-lvm-plugin doesn't work right. It can create volumes, but they can't actually be mounted. This appears to be a simple permission issue. Workaround:
chmod 755 /var/lib/docker-lvm-plugin/
Probably best to fix it in the code, though.