docker-volume-bindfs

No longer able to use this plugin without sudo

Open mautz-et-tong opened this issue 3 years ago • 2 comments

Hello,

I used this plugin for quite a long time, but unfortunately I can't get it to run on an updated machine. I use Ubuntu on a normal desktop PC. Nothing special here.

I followed these steps to install docker:

  • https://docs.docker.com/engine/install/ubuntu/
  • https://docs.docker.com/engine/install/linux-postinstall/

It doesn't matter if I try to install this plugin before or after the post-installation process.

Distro/Version: Ubuntu 21.10

Installation gives:

$ docker plugin install lebokus/bindfs

Plugin "lebokus/bindfs" is requesting the following privileges:
 - mount: [/var/lib/docker/plugins/]
 - mount: [/]
 - device: [/dev/fuse]
 - capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N] y
latest: Pulling from lebokus/bindfs
Digest: sha256:70e32e400cf4fe1c58cee67e651067d949d724fd2c7d0e9e77a44e5650c0d289
dcac74e2a670: Complete 
Error response from daemon: dial unix /run/docker/plugins/92f03adaea02541d5b87f37afa298de9d59317f73db35935a8fc0ab6b7276c6e/bindfs.sock: connect: no such file or directory

In /run/docker/plugins there is another hash belonging to root when I install the plugin with sudo.

sudo docker-compose up -d is giving:

Cannot create container for service php: VolumeDriver.Mount: exit status 1%!(EXTRA []interface {}=[])

docker-compose.yml:

version: "3.7"
services:
  nginx:
    [...]
    volumes:
      - docker-share:/var/www/html/
      [...]
    working_dir: /var/www/html/

docker-compose.override.yml:

version: "3.7"
volumes:
  docker-share:
    driver: lebokus/bindfs
    driver_opts:
      sourcePath: "${pwd}/www/html"
      map: "${UID:-1000}/33:@${UID:-1000}/@33"

What did I miss?

mautz-et-tong, Feb 09 '22 14:02

Hi, I have to take a look at that. I can't promise anything, but I planned to update the repository anyway.

clecherbauer, Feb 25 '22 10:02

Some updates here. I fooled around with ownership and permissions, and I can get the plugin to run rootless after I completely removed Docker (purged everything), reinstalled it with the rootless setup tool, and moved ownership of /var/lib/docker and /var/lib/containerd to my user. This is a test system for Docker setups only, so I made this mess...

Findings:

  • plugin can be installed as rootless user when /var/lib/docker belongs to the given user and docker is installed with rootless tool
  • stack can be started with a configured lebokus driver volume
  • Ownership mapping stops for a given user (here UID:1000) with mapping "${UID:-1000}/33:@${UID:-1000}/@33". User on host is whoami, inside it is root. Changing the owner on the inside to www-data (UID 33) changes the owner on the host to UID 100999.

Sadly, this still makes this plugin unusable.

mautz-et-tong, Mar 08 '22 20:03
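
An added illustration of the last finding (not part of the thread and not the plugin's code): it shows how a user-namespace UID map combined with a bindfs user mapping of 1000/33 can produce a host owner of 100999. The uid_map rows are constructed and assume host UID 1000 with the subordinate range 100000:65536; that the plugin's bindfs process runs inside that namespace is also an assumption.

```python
# Constructed sample in /proc/<pid>/uid_map format: <inside> <outside> <length>.
# Assumption: host user UID 1000 with subordinate range 100000:65536 (/etc/subuid).
SAMPLE_UID_MAP = """
0 1000 1
1 100000 65536
"""

def parse_uid_map(text):
    """Return (inside_start, outside_start, length) tuples from uid_map text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map row: {line!r}")
        inside, outside, length = map(int, fields)
        rows.append((inside, outside, length))
    return rows

def to_host(ns_uid, rows):
    """UID seen inside the namespace -> UID recorded on the host filesystem."""
    for inside, outside, length in rows:
        if inside <= ns_uid < inside + length:
            return outside + (ns_uid - inside)
    return None  # UID has no mapping in this namespace

def to_namespace(host_uid, rows):
    """Host UID -> UID seen inside the namespace (inverse of to_host)."""
    for inside, outside, length in rows:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None

def host_owner_after_chown(chown_uid, bindfs_user_map, rows):
    """bindfs_user_map is {underlying_uid: presented_uid}, e.g. {1000: 33} for 1000/33.
    bindfs stores a chown to the presented UID as the underlying UID; the
    namespace then translates that underlying UID to a host UID."""
    reverse = {shown: real for real, shown in bindfs_user_map.items()}
    underlying = reverse.get(chown_uid, chown_uid)
    return to_host(underlying, rows)

if __name__ == "__main__":
    rows = parse_uid_map(SAMPLE_UID_MAP)
    for uid in (0, 33, 1000):
        print(f"namespace UID {uid} -> host UID {to_host(uid, rows)}")
    print("chown to 33 via map 1000/33 ->", host_owner_after_chown(33, {1000: 33}, rows))
```

To compare against a real system, paste the contents of /proc/<pid>/uid_map for a process in the rootless daemon's namespace in place of SAMPLE_UID_MAP.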