
Mount: permission denied inside container

#1

Hi,

In my environment I have deployed an nfs server in an overlay network without publishing any port to the host, because I want this nfs resource to be available only from containers in that network.

On the other side, I have deployed a mysql server and I want to persist the data in the nfs server.

I cannot create the volume as usual (docker volume create) because the host cannot reach the nfs server.

I cannot mount the nfs volume from mysql because I get mount: permission denied.

Any clue about how to connect the mysql with my nfs server?

#2

Hi everybody, any clue about this question?

Thanks a lot in advance!

(Metin Y.) #3

Publishing your nfs port to the host would allow you to use docker volume create. I assume your motivation is just a proof of concept, just to verify whether the approach you came up with is feasible. In theory publishing your port should allow docker volume create to leverage the nfs share, BUT: this is messy and I am afraid not really reliable.

You would be required to add mechanisms to your entrypoint script to check that the nfs service in the other container is started and ready for operation. Once it’s ready for operation you would need to mount the nfs shares into the target folders and start your main process. Your nfs server container would need to expose shares and have a list of allowed clients for them. I am confident the last part is where you currently fail.

If this is for a single host setup, I would stick with volume mounts. If the target environment is a multi host setup, I would definitely run a standalone nfs server or, even better, ask the ops team to set it up for you.

#4

Hi,

I don’t want to publish the nfs service to the host. I’d like to keep it isolated in my overlay network. It makes no sense to me to publish this nfs on the host because the nfs service will only be “consumed” by the mysql…

In my mysql server container I have a wait-for script to wait for the nfs service to be available before mounting the nfs in my mysql and starting up the mysqld.

The problem is that when I try to mount the nfs volume in my mysql server I get a permission denied error.

Thanks a lot!

(Metin Y.) #5

Did you configure your containerized nfs server properly? Usually you have to declare shares and whitelist which machines are allowed to access them.

#6

Yes, no restrictions have been applied.

#7

It is clearly a mount restriction in the container, as if I change the hostname for an invented one I get exactly the same message:

root@vdic_db:/# mount -t nfs4 -o vers=4.1,soft,intr,timeo=30,retrans=2,_netdev asdf:/ /mnt/
mount: permission denied

I have tried the privileged flag in my compose file but it looks like it is silently ignored.

The problem is that my service uses secrets and I cannot execute it with “docker run”…

Any clue?
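
A diagnostic for the symptom in the last post, as an added example that is not part of the original thread: mount(2) requires CAP_SYS_ADMIN, so reading the container's effective capability mask shows whether a privileged setting actually reached the running process. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Check whether the current container process holds CAP_SYS_ADMIN,
# the capability the kernel requires for mount(2).
# Function names are hypothetical; run the script inside the container.

# CAP_SYS_ADMIN is capability number 21 in linux/capability.h.
CAP_SYS_ADMIN_BIT=21

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in the hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps -> print the CapEff mask of the calling process.
effective_caps() {
    awk '/^CapEff:/ {print $2}' /proc/self/status
}

# can_mount [HEXMASK] -> report on the given mask, or on the live
# process when no mask is passed. Returns 1 if CAP_SYS_ADMIN is absent.
can_mount() {
    mask=${1:-$(effective_caps)}
    if has_cap "$mask" "$CAP_SYS_ADMIN_BIT"; then
        echo "CapEff=$mask: CAP_SYS_ADMIN present"
    else
        echo "CapEff=$mask: CAP_SYS_ADMIN missing, mount(2) will return EPERM"
        return 1
    fi
}

# Constructed sample masks for comparison:
#   00000000a80425fb  Docker's default capability set (no CAP_SYS_ADMIN)
#   0000003fffffffff  all capabilities, as in a privileged container
# Example calls:
#   can_mount                     # inspect the running container
#   can_mount 00000000a80425fb    # decode a mask copied from elsewhere
```

Capabilities are only one gate: a seccomp or AppArmor profile applied to the container can still deny mount even when CAP_SYS_ADMIN is present.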