Permission denied when trying to create file in host volume mounted in container

Hi there, thanks for providing this excellent piece of software: Docker. I’m enjoying it and it changed my devops life!

Right now I’m setting up a Jenkins slave on a Mac (I work in a company that does iOS stuff) and used a Docker container to isolate it. Unfortunately I couldn’t manage to get it to work, due to “Permission denied” when trying to write on the host volume from within the container. I tried both 1.11.2 (the traditional docker integration with docker-machine and virtualbox, making sure to mount from within the /Users directory) and 1.12.0-rc2 (native) and I’m having the same issue with both. Of course I made sure to have the same UIDs on both sides.

After some research I found out that with the beta I could successfully mount an external drive into Docker and write to it (not limited to /Users anymore). I guess there are specific permission issues on Mac that do not exist on Linux (I usually work with Docker on Linux). Maybe the permissions are restricted to the user running Docker whale on Mac? This is very different from Linux AFAICT. Any comment on this? Is this a known issue? I can’t see it mentioned at https://docs.docker.com/docker-for-mac/troubleshoot/

Expected behavior

I installed Docker as user jbq, and I wish to mount a volume from another user directory /Users/jenkins and be able to write to it from within the container. After all Docker is supposed to be running as root like on Linux so it should work

Actual behavior

docker run -v /Users/jenkins:/mount ubuntu touch /mount/test
touch: cannot touch '/mount/test': Permission denied

Information

This is version 1.12.0-rc2 on Mac OS 10.11.3

If this is a known limitation or an intended feature (per-user Docker container isolation specific to the Mac platform) may I suggest to mention it in the documentation?

I realize now that Docker beta is installed the user’s personal library. Is there an option to install it system-wide? That may also resolve the permissions issue.

It’s currently impossible to run Docker on the same host for multiple users. One example, the symlinks created in /usr/local/bin point to the last user who started the Docker app. And the executables found in ~/Library/Group Containers/group.com.docker/bin/ used directly do not work when another user has started Docker in his own session.

Hello,

Please read the “Access Control” and “Ownership” sections in the osxfs documentation for explanations of how OS X permissions and in-container permissions affect the function of Docker for Mac file system sharing.

If you have further questions or concerns, feel free to post them here or open other threads for specific lines of inquiry.

Thanks for participating in the Docker for Mac Beta!

Same issue with Rhel 7.4; Has it been resolved?
(when Kubernetes runs a container with the same methos - no issues…)