Permission denied on accessing host directory in Docker
See this Project Atomic blog post about Volumes and SELinux for the full story.
Specifically:
This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).
This patch adds support for "z" and "Z" as options on the volume mounts (-v).
For example:
docker run -v /var/db:/var/db:z rhel7 /bin/sh
Will automatically do the
chcon -Rt svirt_sandbox_file_t /var/db
described in the man page. Even better, you can use Z.
docker run -v /var/db:/var/db:Z rhel7 /bin/sh
This will label the content inside the container with the exact MCS label that the container will run with, basically it runs
chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db
where s0:c1,c2 differs for each container.
It is an SELinux issue.
You can temporarily issue
su -c "setenforce 0"
on the host to access or else add an SELinux rule by running
chcon -Rt svirt_sandbox_file_t /path/to/volume
WARNING: This solution has security risks.
Try running the container as privileged:
sudo docker run --privileged=true -i -v /data1/Downloads:/Downloads ubuntu bash
Another option (that I have not tried) would be to create a privileged container and then create non-privileged containers inside of it.
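
As an added example (not part of any answer above), this script classifies a directory's SELinux context to show whether the relabel done by :z (type svirt_sandbox_file_t, level s0) or :Z (same type plus a per-container MCS label such as s0:c1,c2) has been applied. The function names and sample contexts are constructed for illustration; container_file_t is the current name of the svirt_sandbox_file_t type in container-selinux.

```shell
#!/bin/sh
# Added example: classify an SELinux file context for container volume access.
# Context format is user:role:type:level, e.g. system_u:object_r:var_t:s0

# classify_label CONTEXT -> prints one of: not_container | shared | private
classify_label() {
    ctx=$1
    ftype=$(printf '%s\n' "$ctx" | cut -d: -f3)
    level=$(printf '%s\n' "$ctx" | cut -d: -f4-)   # the level may itself contain ':'
    case $ftype in
        svirt_sandbox_file_t|container_file_t) ;;
        *) echo not_container; return 0 ;;         # never relabeled for containers
    esac
    case $level in
        *:c[0-9]*) echo private ;;   # MCS categories present, as after -v ...:Z
        *)         echo shared ;;    # plain s0, as after -v ...:z or chcon -Rt
    esac
}

# check_volume DIR -> reads the live context of DIR and classifies it.
check_volume() {
    dir=$1
    # GNU stat prints the SELinux security context with %C
    vctx=$(stat -c %C "$dir" 2>/dev/null) || vctx=
    case $vctx in
        *:*:*:*) ;;
        *) echo "$dir: no SELinux context available"; return 1 ;;
    esac
    echo "$dir: $vctx -> $(classify_label "$vctx")"
}

# Constructed sample contexts (not captured from a real host)
SAMPLE_DEFAULT='system_u:object_r:var_t:s0'
SAMPLE_SHARED='system_u:object_r:svirt_sandbox_file_t:s0'
SAMPLE_PRIVATE='system_u:object_r:svirt_sandbox_file_t:s0:c1,c2'

# Usage: sh script.sh /var/db /path/to/volume
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        check_volume "$d" || true
    done
fi
```

A result of not_container on the host path is the state in which the "Permission denied" error appears while SELinux is enforcing; shared and private correspond to the z and Z mount options.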