docker / for-mac

Bug reports for Docker Desktop for Mac
https://www.docker.com/products/docker#/mac

Permission denied on m2 mac #6939

Open reverseXiang opened 1 year ago

reverseXiang commented 1 year ago

Description

I have successfully created a Docker container for a Python environment, logged in as the root user and used console interaction. However, when I run the command "apt-get install -y netcat", it gives me all kinds of permission denied errors, and when I change to other packages, it still gives me errors. My device runs an Apple M2 chip. And I can successfully run "apt-get install" on an Intel Mac.

Reproduce

dockerfile

FROM python:3.11.4-slim-buster
ENTRYPOINT ["/bin/bash"]

docker run --name python_tmp -it python:tmp
root@b23daa6a51e8:/# apt-get install -y netcat

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  netcat-traditional
The following NEW packages will be installed:
  netcat netcat-traditional
0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded.
Need to get 74.6 kB of archives.
After this operation, 156 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main arm64 netcat-traditional arm64 1.10-41.1 [65.5 kB]
Get:2 http://deb.debian.org/debian buster/main arm64 netcat all 1.10-41.1 [9034 B]
Fetched 74.6 kB in 1s (125 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package netcat-traditional.
(Reading database ... 6836 files and directories currently installed.)
Preparing to unpack .../netcat-traditional_1.10-41.1_arm64.deb ...
Unpacking netcat-traditional (1.10-41.1) ...
dpkg: error processing archive /var/cache/apt/archives/netcat-traditional_1.10-41.1_arm64.deb (--unpack):
 unable to create '/bin/nc.traditional.dpkg-new' (while processing './bin/nc.traditional'): Permission denied
dpkg: error while cleaning up:
 unable to remove newly-extracted version of '/bin/nc.traditional': Permission denied
Selecting previously unselected package netcat.
Preparing to unpack .../netcat_1.10-41.1_all.deb ...
Unpacking netcat (1.10-41.1) ...
dpkg: error processing archive /var/cache/apt/archives/netcat_1.10-41.1_all.deb (--unpack):
 error creating directory './usr/share/doc/netcat': Permission denied
dpkg: error while cleaning up:
 unable to remove newly-extracted version of '/usr/share/doc/netcat': Permission denied
Errors were encountered while processing:
 /var/cache/apt/archives/netcat-traditional_1.10-41.1_arm64.deb
 /var/cache/apt/archives/netcat_1.10-41.1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Expected behavior

I should have permission because I am root.

docker version

Client:
 Cloud integration: v1.0.35-desktop+001
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:32:30 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.22.0 (117440)
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:38 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/dream/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/dream/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/dream/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/dream/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/dream/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/dream/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/dream/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/dream/.docker/cli-plugins/docker-scout

Server:
 Containers: 3
  Running: 1
  Paused: 0
  Stopped: 2
 Images: 3
 Server Version: 24.0.5
 Storage Driver: vfs
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.668GiB
 Name: docker-desktop
 ID: 8ea40ac1-c4bd-474b-bb46-da0ede590556
 Docker Root Dir: /host_mnt/Volumes/dreamDisk/Library/Containers/com.docker.docker/Data
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Diagnostics ID

no

Additional Info

No response

InEmbyro commented 12 months ago

I have a similar issue. When I set the data-root to the external SSD, I got the permission denied error when I tried to install cmake via apt-get install make. However, when the data-root is set to the default, I can install cmake successfully under the same conditions.

Docker version

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/chiyung/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/chiyung/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/chiyung/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/chiyung/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/chiyung/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/chiyung/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/chiyung/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/chiyung/.docker/cli-plugins/docker-scout

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 24.0.5
 Storage Driver: vfs
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 5
 Total Memory: 7.667GiB
 Name: docker-desktop
 ID: 4d317fa0-1e28-4209-8c8a-efcc5a158b28
 Docker Root Dir: /host_mnt/Volumes/Chiyung_ExtSsd_1TB/Docker_mac
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Error Log

et:80 http://ports.ubuntu.com/ubuntu-ports jammy-updates/main arm64 libsasl2-modules arm64 2.1.27+dfsg2-3ubuntu1.2 [68.4 kB]                                               
Get:81 http://ports.ubuntu.com/ubuntu-ports jammy/main arm64 make arm64 4.3-4.1build1 [177 kB]                                                                              
Get:82 http://ports.ubuntu.com/ubuntu-ports jammy/main arm64 manpages-dev all 5.10-1ubuntu1 [2309 kB]                                                                       
Fetched 78.4 MB in 34s (2336 kB/s)                                                                                                                                          
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 4389 files and directories currently installed.)
Preparing to unpack .../libc6_2.35-0ubuntu3.4_arm64.deb ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/aarch64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/aarch64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/aarch64-linux-gnu/perl-base /usr/lib/aarch64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Unpacking libc6:arm64 (2.35-0ubuntu3.4) over (2.35-0ubuntu3.3) ...
dpkg: error processing archive /var/cache/apt/archives/libc6_2.35-0ubuntu3.4_arm64.deb (--unpack):
 unable to create '/etc/ld.so.conf.d/aarch64-linux-gnu.conf.dpkg-new' (while processing './etc/ld.so.conf.d/aarch64-linux-gnu.conf'): Permission denied
dpkg: error while cleaning up:
 unable to remove newly-extracted version of '/etc/ld.so.conf.d/aarch64-linux-gnu.conf': Permission denied
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/libc6_2.35-0ubuntu3.4_arm64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@fc77aac9207e:/# exit

insomnium098 commented 9 months ago

I had the same problem and was able to fix it by setting osxfs as the file sharing implementation.

timohausmann commented 8 months ago

@insomnium098 thank you! I just spent one hour on a permission issue after upgrading macOS Docker Desktop.

My docker-compose contains parts like user: 1000:1000 where 1000 is my user ID ($ id -u) and this doesn't seem to work with VirtioFS.
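
Added example, not part of the thread or of Docker's own tooling: a small Python check that reads `docker info` text and flags the three settings both reports above have in common (data root under `/host_mnt/`, the `vfs` storage driver, and an unconfined seccomp profile). The function names and finding labels are hypothetical, and treating a `/host_mnt/` prefix as "data root lives on a host file share" is an assumption based on the paths shown in the reports.

```python
import re

# Constructed sample: lines in the shape of the `docker info` output quoted
# in this thread, using values from the first report.
SAMPLE_INFO = """\
Server:
 Server Version: 24.0.5
 Storage Driver: vfs
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Docker Root Dir: /host_mnt/Volumes/dreamDisk/Library/Containers/com.docker.docker/Data
WARNING: daemon is not using the default seccomp profile
"""


def parse_info(text):
    """Collect 'Key: value' lines of `docker info` text into a dict.

    Some keys (e.g. Version) repeat across sections and the last one wins,
    so only look up keys that occur once in the output.
    """
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?):\s+(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def findings(text):
    """Return labels (hypothetical names) for settings worth reviewing."""
    f = parse_info(text)
    out = []
    # Assumption: /host_mnt/ is where host-shared paths appear inside the VM,
    # so file permissions there depend on the file sharing implementation.
    if f.get("Docker Root Dir", "").startswith("/host_mnt/"):
        out.append("data-root-on-host-share")
    if f.get("Storage Driver") == "vfs":
        out.append("vfs-storage-driver")
    # Matches the "daemon is not using the default seccomp profile" warning.
    if f.get("Profile") == "unconfined":
        out.append("seccomp-unconfined")
    return out


if __name__ == "__main__":
    for label in findings(SAMPLE_INFO):
        print(label)
```

To check a live installation, pass the captured output of `docker info` to `findings()` instead of the constructed sample.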