databio / bulker

Manager for multi-container computing environments
https://bulker.io
BSD 2-Clause "Simplified" License

/etc/sudoers.d is not shared from OS X and is not known to Docker. #56

Open lwaldron opened 4 years ago

lwaldron commented 4 years ago

After a recent Docker upgrade I found bulker broken, e.g. this command from waldronlab/bioconductor but the same for all bulker commands:

$ Rdev
WARNING: Published ports are discarded when using host network mode
docker: Error response from daemon: Mounts denied: 
The path /etc/sudoers.d
is not shared from OS X and is not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.
See https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.
.
ERRO[0000] error waiting for container: context canceled 

To show the bulker script:

$ cat `which Rdev`
#!/bin/sh

docker run --rm --init \
  -it --volume=/Users/lwaldron/R/bioc-devel:/usr/local/lib/R/host-site-library -e DISABLE_AUTH=true -p 8788:8787 -v /Users/lwaldron:/home/rstudio \
  --user=$(id -u):$(id -g) \
  --network="host" \
  --env "DISPLAY" \
  --volume "$HOME:$HOME" \
  --volume="/etc/group:/etc/group:ro" \
  --volume="/Users/lwaldron/templates/mac_passwd:/etc/passwd:ro" \
  --volume="/etc/shadow:/etc/shadow:ro"  \
  --volume="/etc/sudoers.d:/etc/sudoers.d:ro" \
  --volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
  --workdir="`pwd`" \

Note, I can see /etc/sudoers.d from the command line:

$ ls -al /etc/sudoers.d
total 0
drwxr-xr-x    2 root  wheel    64 Aug 18  2018 .
drwxr-xr-x  125 root  wheel  4000 May  4 11:32 ..

But I can't find it from the Docker client "File Sharing" graphical directory selection, so I didn't find a fix there. However, by removing the line:

  --volume="/etc/sudoers.d:/etc/sudoers.d:ro" \

from `which Rdev`, the problem went away. Doing the same to `which _Rdev`, I see I don't have sudo access, but otherwise everything seems fine:

$ _Rdev
Starting interactive docker shell for image 'waldronlab/bioconductor:devel' and command 'Rdev'
WARNING: Published ports are discarded when using host network mode
lwaldron@docker-desktop:~$ whoami
lwaldron
lwaldron@docker-desktop:~$ sudo ls
sudo: unknown user: root
sudo: unable to initialize policy plugin
lwaldron@docker-desktop:~$

So perhaps the mac-fix script should just remove the sudoers line?
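
The change proposed in the comment above, dropping the `/etc/sudoers.d` bind mount from a generated wrapper, could be scripted as follows. This is an added example, not part of the thread and not bulker's own mac-fix script; `strip_mount`, `SAMPLE_WRAPPER` and the image name `example/image:tag` are hypothetical, and the sample wrapper is constructed on the model of the script shown in the issue.

```shell
#!/bin/sh
# Added example, not bulker's own code.
# Usage: strip_mount HOST_PATH < wrapper > patched_wrapper
# Removes a bind mount of HOST_PATH when it sits alone on a continuation line.
strip_mount() {
  awk -v target="$1" '
    {
      opt = $0
      # Only continuation lines are candidates: dropping the line that ends
      # the docker command would leave the previous backslash dangling.
      if (opt !~ /\\[ \t]*$/) { print; next }
      sub(/[ \t]*\\[ \t]*$/, "", opt)      # strip the trailing backslash
      sub(/^[ \t]+/, "", opt)              # strip leading indentation
      # Must start with a volume flag: --volume=SPEC, --volume SPEC or -v SPEC.
      if (opt !~ /^(--volume|-v)[= \t]/) { print; next }
      sub(/^(--volume|-v)[= \t]+/, "", opt)
      gsub(/"/, "", opt)                   # handles double-quoted specs only
      if (opt ~ /[ \t]/) { print; next }   # other options share the line: keep
      n = index(opt, ":")                  # SPEC is host:container[:mode]
      host = (n > 0) ? substr(opt, 1, n - 1) : opt
      sub(/\/$/, "", host)                 # tolerate a trailing slash
      if (host == target) next             # drop this mount
      print
    }'
}

# Constructed sample input (placeholder user and image name).
SAMPLE_WRAPPER='#!/bin/sh
docker run --rm --init \
  -it -v /Users/example:/home/rstudio \
  --volume="/etc/group:/etc/group:ro" \
  --volume="/etc/sudoers.d:/etc/sudoers.d:ro" \
  --volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
  example/image:tag'

printf '%s\n' "$SAMPLE_WRAPPER" | strip_mount /etc/sudoers.d
```

Mounts that share a line with other options, or that end the command, are left in place for manual review rather than rewritten.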

nsheff commented 4 years ago

Here are a few related things I found:

Maybe /etc needs to show up in that graphical interface as shared by MacOS? Otherwise, your solution seems reasonable to me.

stolarczyk commented 4 years ago

I also experienced this issue on my Mac.

First I tried adding the entire /etc in "File sharing". It has been added, but when I tried to use an executable that wanted to access the sudoers file I got an error:

docker: Error response from daemon: Mounts denied: EOF.
time="2020-08-20T10:36:36-04:00" level=error msg="error waiting for container: context canceled"

So I tried sharing just the file: /etc/sudoers.d, and it worked just fine.

Not sure if that's specific to my setup, but wanted to record this in case somebody is looking for a solution in the future.

docker version info: image