Docker Community Forums

Share and learn in the Docker community.

Can't mount file to docker and make it possible to read by container using docker compose


(Mrfrost) #1

Hello,

I am unable to mount file to docker container by no means.

What I have:

  1. Linux x64 Mint (no SElinux)
  2. Docker community edition
  3. directory /elastic/docs and inside is file test.key
    files have permissions as follows:
    -rw-rw-rw- l user user test.key
    docker work directory is: /home/docker/

1st Attempt:
in docker compose I did set it up as follows:

volumes:
- ./elastic/docs/test.key:/usr/share/elastic/docs/test.key:ro

- ./elastic/docs/test.key:/usr/share/elastic/docs/test.key:ro instead of passing the file creates empty folder named test.key

So in the end in host machine in /home/docker/elastic/docs i have:

test.key (this is folder that docker created when running docker compose up)
test.key (this is file)

2nd Attempt:
In docker compose I did try to mount whole directory

volumes:
- ./elastic/docs:/usr/share/elastic/docs:ro

This time I am not able to read the file inside and I get error in container as follows:

Caused by: java.security.AccessControlException: access denied (“java.io.FilePermission” “/usr/share/elastic/docs/test.key” “read”)

I have no idea why I cannot pass this folder or file so that it will be accessible by container. Can someone tell me what i am doing wrong?


(Martin Terp) #2

Have you tried to type in the full path to the file?


(Mrfrost) #3

Yes, exacly the same issue with full path.


(Rik) #4

How about the permissions of the directory? Did you check those?


(Mrfrost) #5

Yes, it was checked. In first case I did mount the directory that had read write permission in container it did not exists so it was created by docker and cannot access the files. Then I tried to create and change permission in Dockerfile and did rebuild the image also no success.


(Rik) #6

You can first try without the ‘ro’ flag in the mount and take it from there.
Perhaps exec into the running container and check if the UID attempting the read in the container is permitted to do so?