I expected to be able to set the ownership and permissions for a secret file in /run/secrets. I am running the container process (zookeeper) as user zookeeper.
I get this error message:
Error: Password file read access must be restricted: /run/secrets/zookeeperjmx.password
-r–r--r-- 1 root root 46 Apr 21 12:43 /run/secrets/zookeeperjmx.password
the mount command reports:
tmpfs on /run/secrets type tmpfs (ro,relatime)
I am unable to change ownership or permissions for the files under
/run/secrets because it is a read-only file system.
I am using the AWS cloudformation template Ga2 from Docker.
I suspect that this problem is independent of the machine platform.
Steps to reproduce the behavior
- log on to an instance in the swarm
- echo something | docker secret create somename -
- create a service that mounts this secret
- enter the namespace of a container in this service
- observe that /run/secrets is mounted read-only