Permission erros to create subdirectories

Docker Desktop
1

Expected behavior

Actual behavior

Running a CentOS 6.7 based docker image. Getting permission errors.

Information

  • the output of:
    • Moby Menu > Diagnose & Feedback on OSX
      Docker for Mac: version: mac-v1.12.0-beta18-3-gec40b14
      OS X: version 10.11.4 (build: 15E65)
      logs: /tmp/20160708-170313.tar.gz
      [OK] docker-cli
      [OK] app
      [OK] menubar
      [OK] virtualization
      [OK] system
      [OK] osxfs
      [OK] db
      [OK] slirp
      [OK] moby-console
      [OK] logs
      [OK] vmnetd
      [OK] env
      [OK] moby
      [OK] driver.amd64-linux

OSX 10.11.4
Darwin smvs.local 15.4.0 Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64

Here is the issueL
[mapr@demo zkdata]$ pwd
/opt/mapr/zkdata
[mapr@demo zkdata]$ ls -ld .
drwxr-x— 2 mapr mapr 4096 Jun 16 06:35 .
[mapr@demo zkdata]$ id -a
uid=500(mapr) gid=500(mapr) groups=500(mapr),501(shadow)
[mapr@demo zkdata]$ mkdir test
mkdir: cannot create directory `test’: Permission denied
[mapr@demo zkdata]$

[mapr@demo zkdata]$ strace mkdir test
execve(“/bin/mkdir”, [“mkdir”, “test”], [/* 19 vars */]) = 0
brk(0) = 0x15cd000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d23d000
access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
open(“/etc/ld.so.cache”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=18035, …}) = 0
mmap(NULL, 18035, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c5d238000
close(3) = 0
open(“/lib64/libselinux.so.1”, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\0\0\0\0\0\0”…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=122040, …}) = 0
mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8c5ce00000
mprotect(0x7f8c5ce1d000, 2093056, PROT_NONE) = 0
mmap(0x7f8c5d01c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f8c5d01c000
mmap(0x7f8c5d01e000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d01e000
close(3) = 0
open(“/lib64/libc.so.6”, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\1\0\0\0\0\0”…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1923352, …}) = 0
mmap(NULL, 3750184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8c5ca6c000
mprotect(0x7f8c5cbf6000, 2097152, PROT_NONE) = 0
mmap(0x7f8c5cdf6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f8c5cdf6000
mmap(0x7f8c5cdfc000, 14632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8c5cdfc000
close(3) = 0
open(“/lib64/libdl.so.2”, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0”…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19536, …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d237000
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8c5c868000
mprotect(0x7f8c5c86a000, 2097152, PROT_NONE) = 0
mmap(0x7f8c5ca6a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f8c5ca6a000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d235000
arch_prctl(ARCH_SET_FS, 0x7f8c5d2357a0) = 0
mprotect(0x7f8c5ca6a000, 4096, PROT_READ) = 0
mprotect(0x7f8c5cdf6000, 16384, PROT_READ) = 0
mprotect(0x7f8c5d01c000, 4096, PROT_READ) = 0
mprotect(0x7f8c5d23e000, 4096, PROT_READ) = 0
munmap(0x7f8c5d238000, 18035) = 0
statfs(“/selinux”, {f_type=0x61756673, f_bsize=4096, f_blocks=51329348, f_bfree=45373353, f_bavail=42760201, f_files=13049856, f_ffree=13015907, f_fsid={0, 0}, f_namelen=242, f_frsize=4096}) = 0
brk(0) = 0x15cd000
brk(0x15ee000) = 0x15ee000
open(“/proc/filesystems”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d23c000
read(3, “nodev\tsysfs\nnodev\trootfs\nnodev\tt”…, 1024) = 462
read(3, “”, 1024) = 0
close(3) = 0
munmap(0x7f8c5d23c000, 4096) = 0
open(“/usr/lib/locale/locale-archive”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=99160384, …}) = 0
mmap(NULL, 99160384, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c569d6000
close(3) = 0
mkdir(“test”, 0777) = -1 EACCES (Permission denied)
open(“/usr/share/locale/locale.alias”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2512, …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d23c000
read(3, “# Locale name alias data base.\n#”…, 4096) = 2512
read(3, “”, 4096) = 0
close(3) = 0
munmap(0x7f8c5d23c000, 4096) = 0
open(“/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en/LC_MESSAGES/coreutils.mo”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=435, …}) = 0
mmap(NULL, 435, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c5d23c000
close(3) = 0
write(2, “mkdir: “, 7mkdir: ) = 7
write(2, “cannot create directory test'", 30cannot create directory test’) = 30
open(”/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(”/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en_US/LC_MESSAGES/libc.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
open(“/usr/share/locale/en/LC_MESSAGES/libc.mo”, O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, “: Permission denied”, 19: Permission denied) = 19
write(2, “\n”, 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
[mapr@demo zkdata]$

2

Hello Mitra,

Could you please provide a Docker command, script, Dockerfile, etc to help us reproduce this issue?

Thank you,

David

3

Hi David

We found the cause for this. Two parts are there for the problem.

  1. We are trying to write something to the directory which was created as
    part of the image creation. That was failing which is causing our software
    to not to start. We circumvented that by passing the path as a volume to
    the container. That is taken care.

  2. Our software is looking for the /sys/devices/system/node/node*
    directories on the container. I am not sure how to get around this issue.
    On an underlying Linux (either ubuntu or on centos) we have the
    /sys/devices/system/node/node* directories and we are seeing these in the
    running container. But on mac osx when we run any container we dont see
    these. You can verify this by running the latest centos image.
    Here is a run on CentOS 7.0:

cat /etc/redhat-release

CentOS Linux release 7.0.1406 (Core)

[root@qa101-135 ~]# docker run -it centos:latest /bin/bash

[root@b1f6413e8fb5 /]#

[root@b1f6413e8fb5 /]# ls /sys/devices/system/node/

has_cpu has_memory has_normal_memory node0 node1 online possible
power uevent

[root@b1f6413e8fb5 /]#

Here is a run on my laptop with OS X 10.11.4:

$ docker run -it centos:latest /bin/bash

[root@a01b99f0001d /]# ls /sys/devices/system

clockevents clocksource container cpu memory

[root@a01b99f0001d /]# ls /sys/devices/system/node/*

ls: cannot access /sys/devices/system/node/*: No such file or directory

[root@a01b99f0001d /]#

Our software is doing NUMA aware and doing some checks based on the number
of nodes available on the node.
Is there any way we can mimic this FS structure ?

Thanks
Mitra.