Docker挂载主机目录Docker访问出现Permission denied的解决办法

Docker挂载主机目录，访问相应的文件出现Premission denied的权限访问问题，

[root@localhost soft]# docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZEdocker.io/centos    7.2.1511            686672a1d0cc        5 weeks ago  //将主机上的/soft目录挂载到docker的/soft目录，前面的是主机目录，后面的是docker的目录。 docker run -i -t -v /soft:/soft 686672a1d0cc /bin/bash

挂载后，查看相应的文件出现如下的提示：

[root@ba471da26d07 soft]# lsls: cannot access jdk-8u102-linux-x64.tar.gz: Permission deniedhadoop-2.7.2.tar.gz  jdk-8u102-linux-x64.tar.gz

   问题原因及解决办法   原因是CentOS7中的安全模块selinux把权限禁掉了，至少有以下三种方式解决挂载的目录没有权限的问题：   1.在运行容器的时候，给容器加特权，及加上 --privileged=true 参数：   docker run -i -t -v /soft:/soft --privileged=true 686672a1d0cc /bin/bash   2.临时关闭selinux：   setenforce 0   3.添加selinux规则，改变要挂载的目录的安全性文本

# 更改安全性文本的格式如下chcon [-R] [-t type] [-u user] [-r role] 文件或者目录选顷不参数： -R  ：连同该目录下癿次目录也同时修改； -t  ：后面接安全性本文的类型字段！例如 httpd_sys_content_t ； -u  ：后面接身份识别，例如 system_u； -r  ：后面街觇色，例如 system_r[root@localhost Desktop]# chcon --helpUsage: chcon [OPTION]... CONTEXT FILE...  or:  chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...  or:  chcon [OPTION]... --reference=RFILE FILE...Change the SELinux security context of each FILE to CONTEXT.With --reference, change the security context of each FILE to that of RFILE.Mandatory arguments to long options are mandatory for short options too.      --dereference      affect the referent of each symbolic link (this is                         the default), rather than the symbolic link itself  -h, --no-dereference   affect symbolic links instead of any referenced file  -u, --user=USER        set user USER in the target security context  -r, --role=ROLE        set role ROLE in the target security context  -t, --type=TYPE        set type TYPE in the target security context  -l, --range=RANGE      set range RANGE in the target security context      --no-preserve-root  do not treat '/' specially (the default)      --preserve-root    fail to operate recursively on '/'      --reference=RFILE  use RFILE's security context rather than specifying                         a CONTEXT value  -R, --recursive        operate on files and directories recursively  -v, --verbose          output a diagnostic for every file processedThe following options modify how a hierarchy is traversed when the -Roption is also specified.  If more than one is specified, only the finalone takes effect.  -H                     if a command line argument is a symbolic link                         to a directory, traverse it  -L                     traverse every symbolic link to a directory                         encountered  -P                     do not traverse any symbolic links (default)      --help     display this help and exit      --version  output version information and exitGNU coreutils online help: <http://www.gnu.org/software/coreutils/>For complete documentation, run: info coreutils 'chcon invocation'

在主机中修改/soft目录的安全性文档

[root@localhost Desktop]# chcon -Rt svirt_sandbox_file_t /soft[root@ba471da26d07 soft]# lltotal 384264-rw-r--r--. 1 root root 212046774 Aug  8 10:01 hadoop-2.7.2.tar.gz-rw-r--r--. 1 root root 181435897 Aug  8 09:23 jdk-8u102-linux-x64.tar.gz

在docker中就可以正常访问该目录下的相关资源了。

也可以参考以下链接：
https://yq.aliyun.com/articles/53990