Sed: couldn't open temporary file xyz: Permission denied when using VirtioFS

I using Linux based containers to build my projects.

For most project, I download the file on my host and I mount the source folder using the -v option to build them using the tools contained in the container.
The build process is using at some point “sed -i” to to perform in place replacement to some files generated during the build process. These files are located on the mounted value. When the build process run the sed command it output the following error:


sed: couldn't open temporary file ./sed7hc859: Permission denied

The file is visible from both the host and the container, but it as no permissions.

smartd@14eaf668b949:/work$ ls -la
ls: sed7hc859: No such file or directory
total 24
drwxrwxrwx 11 smartd hostusers  352 Jun  9 22:09 .
drwxr-xr-x  1 root   root      4096 Jun  9 21:34 ..
drwxr-xr-x 17 smartd hostusers  544 Jun  9 21:33 .git
-rw-r--r--  1 smartd hostusers   23 Jun  9 20:12 .gitignore
-rw-r--r--  1 smartd hostusers  778 Jun  9 20:12 .gitmodules
drwxr-xr-x  6 smartd hostusers  192 Jun  7 14:02 .vscode
-rw-r--r--  1 smartd hostusers 3584 Jun  9 20:12 Makefile
-rw-r--r--  1 smartd hostusers  499 Jun  9 20:12
-rw-r--r--  1 smartd hostusers    7 Jun  9 21:36 pat.txt
----------  1 smartd hostusers    0 Jun  9 22:04 sed7hc859
drwxr-xr-x  3 smartd hostusers   96 Jun  4 16:53 sources

Note that I don’t have a user permission issue because I am running as the same user in the container and my host computer which is running Mac OSX 12.3.1 for X86_64.

This command works perfectly when I disable VirtioFS and restart the docker desktop for Mac.

Obviously, I don’t like to disable VirtioFS because the build is a lot slower without it.

Do you have any idea why I can’t run sed -i my files?

VirtioFS is still experimental, so I guess we will see more of similar issues like this. I tried what you did and got the same result. Using the same user in the container as on the host might not be enough, since VirtioFS does not show you the file directly from the host. I guess you could change the file in the container, but you can’t do that on the host, therefore it will not allow you to change it inside the container either.

sed creates files without any permissions. VirtioFS allows you to create it because you have permission to write the folder, but when you remove all the permissions of from a file, you will not be able to change it back either since you are no longer have permission to do anything with that file which would not be true if that file was on the container’s filesystem.

Honestly I never use inplace replacements. I like to control the temporary files myself. It you can change the code without too much work, I recommend you to do that. It will not solve your original issue, but at least you could work on what you want.

An other solution could be that you keep how you change the files with sed, but do it in a temporary folder on the container’s filesystem. When you are done, copy the content of the temporary folder back to the mounted folder.