search

dotnet / dotnet-docker

Docker images for .NET and the .NET Tools.
https://hub.docker.com/_/microsoft-dotnet
MIT License
4.51k stars 1.94k forks source link

Cannot build netcoreapp2.0 with 2.0.3-sdk-nanoserver-1709 with docker run -v PathToProject:PathInDocker #347

Closed kdrblkbs closed 6 years ago

kdrblkbs commented 7 years ago

Hello everyone, i hope anyone can help me out with the following issue.

Short Recap:

I am trying to build a netcoreapp2.0 project with mircosoft/dotnet:2.0.3-sdk-nanoserver-1709 as follows: docker run -it --rm -v ${PWD}:c:/data microsoft/dotnet:2.0.3-sdk-nanoserver-1709 When trying to build the project within the container with dotnet build i run into C:\Program Files\dotnet\sdk\2.0.3\NuGet.targets(102,5): error : Access to the path is denied. [C:\data\testProject.csproj]

Steps to reproduce the issue

  1. Either use an existing project or create a new one with dotnet new console
  2. either cd into the project directory and run docker run -it --rm -v ${PWD}:c:/data microsoft/dotnet:2.0.3-sdk-nanoserver-1709 or run docker run -it --rm -v PathToProject:c:/data microsoft/dotnet:2.0.3-sdk-nanoserver-1709 where PathToProject is the path to the project directory
  3. within the container change into the directory where the project files are accessible cd data
  4. dotnet build or dotnet run

Expected behavior

Successful build.

Actual behavior

Error Message: C:\Program Files\dotnet\sdk\2.0.3\NuGet.targets(102,5): error : Access to the path is denied. [C:\data\testProject.csproj]

Output of docker version

Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:40:09 2017
 OS/Arch:      windows/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.24)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:50:27 2017
 OS/Arch:      windows/amd64
 Experimental: true

Output of docker info

Containers: 32
 Running: 0
 Paused: 0
 Stopped: 32
Images: 5
Server Version: 17.09.0-ce
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd json-file logentries splunk syslog
Swarm: inactive
Default Isolation: hyperv
Kernel Version: 10.0 16299 (16299.15.amd64fre.rs3_release.170928-1534)
Operating System: Windows 10 Enterprise
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 15.88GiB
Name: ID-CH-0302
ID: E7DZ:FCTT:IN2C:FNPT:2KDM:KCLB:FSNC:XLSC:YYOD:MCFW:BPJG:HXTM
Docker Root Dir: C:\ProgramData\Docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: -1
 Goroutines: 25
 System Time: 2017-12-04T20:09:51.2118434+01:00
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Regards

MichaelSimons commented 7 years ago

@kdrblkbs, what are ACLs on the folders you are volume mapping into the container? Do machine users have access? Have you tried running with -u ContainerAdministrator?

@PatrickLang - FYI - A question that should be answered by https://github.com/MicrosoftDocs/Virtualization-Documentation/issues/673.

kdrblkbs commented 7 years ago

Hello, @MichaelSimons providing -u ContainerAdministrator did not help. However i was suspecting that it must be somehow related to ACLs, which is why i tried a bunch of stuff within the container without any success. But finally i ran docker from an administrator shell and then it worked. Before that i was running docker "normally" from a powershell with my usual user account (which is also a local admin on the machine). Is this behavior correct? The ACLs for the directory the test project is in are as follows:

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : NT-AUTHORITY\SYSTEM
IsInherited       : True
InheritanceFlags  : ContainerInherit, ObjectInherit
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : Default\Administrators
IsInherited       : True
InheritanceFlags  : ContainerInherit, ObjectInherit
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : MyUserAccount
IsInherited       : True
InheritanceFlags  : ContainerInherit, ObjectInherit
PropagationFlags  : None

Regards

ravimeda commented 6 years ago

@kdrblkbs here is a detailed description of permission model (https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/virtualization/windowscontainers/manage-containers/container-storage.md#permissions) Hopefully, this addresses your concern. Please let me know if you have questions..

MichaelSimons commented 6 years ago

Closing issue as there have been no further questions. Feel free to reopen, log a new issue, or open an issue on the Documentation if there are unanswered questions.

azstate commented 6 years ago

Hello.. I am trying to run an image on Azure Windows Server 1709 with containers machine. I have mapped volume using -v :. Docker image is not able to access the docx files located at the mapped volume. Gives Access Denied Error. have tried running image with -u , it did not work