colima
Cannot chown or chmod bind mounted files/dirs
Hello and thank you for the awesome project!
I'm running into an inconsistency between docker for mac and lima. With docker for mac, I can successfully chown & chmod bind mounted files/dirs within a container.
If I attempt this with colima I get chown: file.txt: Permission denied
Related upstream issue: https://github.com/lima-vm/lima/issues/231
I can chmod (tested with colima 0.3.0, but don't know if it is related). chown still not working.
Getting this issue on some popular images, which will attempt to correct host-mounted volume file ownership/permissions during their entrypoint scripts
postgres:/var/lib/postgresql/data
redis:/data
Is this considered fixed or still outstanding? I'm experiencing this issue with the jekyll/jekyll container, on the HEAD install of colima, lima, qemu.
I've tried following these instructions: https://github.com/lima-vm/lima/issues/231#issuecomment-1145113879
But have not had any luck.
@jhogendorn what is your exact situation? Have you tried starting Colima with --mount-type 9p?
> @jhogendorn what is your exact situation? Have you tried starting Colima with --mount-type 9p?
I'm running a jekyll container with docker compose.
```yaml
version: '2.2'
services:
  jekyll:
    image: jekyll/jekyll:stable
    command: jekyll serve --watch --force_polling --verbose
    ports:
      - 4000:4000
    volumes:
      - .:/srv/jekyll
```
Before, I was getting just a big list of chown errors.
If I start colima with --mount-type 9p then I get a slightly different permission error: /usr/local/lib/ruby/3.1.0/fileutils.rb:243:in mkdir: Permission denied @ dir_s_mkdir - /srv/jekyll/.jekyll-cache (Errno::EACCES)
I got around that by running mkdir .jekyll-cache
Then it was failing due to https://github.com/envygeeks/jekyll-docker/issues/335
However, if I set up the gemfile to resolve this, it fails again with There was an error while trying to write to /srv/jekyll/Gemfile.lock
So it clearly can't write to the bind mount correctly. I've tried Z and rw modes in the volume as well.
@jhogendorn I am more confident in 9p than sshfs even though it's slower (provided you do not need symlinks). It is most likely the user permission.
Does it work if you specify the uid manually by adding user: 501 to your docker compose file? You can verify your uid in the terminal with id -u.
> Does it work if you specify the uid manually by adding user: 501 to your docker compose file? You can verify your uid in the terminal with id -u.
No, it fails because it cannot find the jekyll binary due to how the container is constructed.
/usr/jekyll/bin/jekyll: exec: line 16: /usr/local/bundle/bin/jekyll: not found
Like a lot of poorly made containers, it requires to be run as root user.
I will note its managed to create a directory structure inside .jekyll-cache, and has some files inside that.
Perhaps this is limited to the 'top level' of the mount? It could not create the .jekyll-cache folder, but can write inside it. Gemfile.lock will be top level also.
The other option is to make the directory writable for other users (not sure if that is ideal for you). This is specific to 9p mount.
chmod 777 ./jekyll
> Perhaps this is limited to the 'top level' of the mount? It could not create the .jekyll-cache folder, but can write inside it. Gemfile.lock will be top level also.
For sshfs, yes. If the directory is created on the host, it cannot chmod on it, but works fine on subfiles and subdirectories.
For 9p, you can only write if running as root (in the container) or the container userId matches the owner of the directory on host.
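The 9p rule described in the comments above (root in the container, or a container uid matching the host owner, with a world-writable directory as the fallback), as an added shell preflight check that is not part of the thread or of Colima's code. The function names, verdict strings and exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: predicts whether a container uid can write to a host directory
# bind-mounted over 9p, using the rule as stated in this thread (an assumption,
# not taken from Colima or Lima source).

# Print the numeric owner uid of $1 (GNU stat first, BSD/macOS stat as fallback).
owner_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null
}

# Print the permission bits of $1 in octal, e.g. 755.
mode_octal() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed if "other" users may write to $1 (what chmod 777 produces).
is_world_writable() {
    mode=$(mode_octal "$1") || return 2
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
    [ $((other & 2)) -ne 0 ]
}

# check_bind_mount DIR CONTAINER_UID
# Prints: root | owner-match | world-writable | denied | missing
# Exit:   0 = writable without loosening permissions
#         1 = not writable (or DIR missing)
#         2 = writable only because DIR is world-writable (worth flagging)
check_bind_mount() {
    dir=$1
    uid=$2
    [ -d "$dir" ] || { echo "missing"; return 1; }
    if [ "$uid" -eq 0 ]; then
        echo "root"; return 0
    fi
    if [ "$uid" -eq "$(owner_uid "$dir")" ]; then
        echo "owner-match"; return 0
    fi
    if is_world_writable "$dir"; then
        echo "world-writable"; return 2
    fi
    echo "denied"; return 1
}

# Usage (hypothetical path): check_bind_mount ./data/database "$(id -u)"
```

Exit status 2 separates directories that only work because of the chmod 777 workaround from ones that work through ownership, so a script can report them.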
chmod 777 does work. That's a rough hack though.
I ended up swapping to a different base container, it became evident the issues were many and mostly around that particular container rather than colima etc.
Thanks for your help, appreciated.
> @nulllpoint In a recent release, the securityModel option changed its default value; you may need to specify it manually for mapped-xattr.
Originally posted by @mritd in https://github.com/lima-vm/lima/issues/231#issuecomment-1316683864
colima doesn't support 9p options in mounts. Every time it removes 9p from colima.yaml
currently can use lima override.yaml to modify mounts as a fallback
This is how I solved it. I had to write mounts for ~ twice: with absolute path and with ~.
- Put this into your /Users/<username>/.lima/_config/override.yaml:

```yaml
mountType: 9p
mounts:
  - location: "/Users/<username>"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: "~"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
```

- colima delete
- colima start --mount-type 9p
Versions:
- MBP M1 MacOS Monterey (12.5)
- lima 0.13.0
- colima 0.4.6
@bofm Confirmed it fixes for my env too.
- Macbook Air M2 MacOS 13.1
- lima 0.14.1
- colima 0.5.1
> No, it fails because it cannot find the jekyll binary due to how the container is constructed.
Hi @jhogendorn which container image did you switch to instead of jekyll/jekyll? I am encountering the exact same error message as you: /usr/jekyll/bin/jekyll: exec: line 16: /usr/local/bundle/bin/jekyll: not found
@bofm awesome! finally fixed my same issue, thx!
Hi everyone,
unfortunately this is still persisting as a problem across multiple containers combinations:
```
➜ colima colima --version && lima --version && uname -a
colima version 0.5.6
limactl version 0.17.2
Darwin nubia 23.0.0 Darwin Kernel Version 23.0.0: Fri Sep 15 14:41:43 PDT 2023; root:xnu-10002.1.13~1/RELEASE_ARM64_T6000 arm64
```
when starting a container with a volume as following:
➜ colima docker run -it -v $(pwd)/volume:/data busybox:latest
docker: Error response from daemon: error while creating mount source path '/Users/ely/projects/kasandra/colima/volume': chown /Users/ely/projects/kasandra/colima/volume: operation not permitted.
ERRO[0000] error waiting for container:
the volume folder is available and writeable by the current user
docker info:
colima docker info
Client: Docker Engine - Community
Version: 24.0.6
Context: colima
Debug Mode: false
Server:
Containers: 12
Running: 0
Paused: 0
Stopped: 12
Images: 6
Server Version: 23.0.6
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 1fbd70374134b891f97ce19c70b6e50c7b9f4e0d
runc version: 860f061b76bb4fc671f0f9e900f7d80ff93d4eb7
init version:
Security Options:
seccomp
Profile: builtin
Kernel Version: 6.1.29-0-virt
Operating System: Alpine Linux v3.18
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 15.59GiB
Name: colima
ID: ba948050-ef3d-4054-9702-8cc9e53c5669
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: atlasloewenherz
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Has anyone been able to solve it?
My use case:
```yaml
version: '3'
services:
  database:
    image: postgis/postgis:13-master
    # Required when running on platform other than amd64, like Apple M1/M2:
    platform: linux/amd64
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'
  directus:
    image: directus/directus:10.4.0
    ports:
      - 8055:8055
    volumes:
      - ./uploads:/directus/uploads
      # If you want to load extensions from the host
      # - ./extensions:/directus/extensions
    depends_on:
      - database
    environment:
      KEY: '255d861b-5ea1-5996-9aa3-922530ec40b1'
      SECRET: '6116487b-cda1-52c2-b5b5-c8022c45e263'
      DB_CLIENT: 'pg'
      DB_HOST: 'database'
      DB_PORT: '5432'
      DB_DATABASE: 'directus'
      DB_USER: 'directus'
      DB_PASSWORD: 'directus'
      ADMIN_EMAIL: '[email protected]'
      ADMIN_PASSWORD: 'd1r3ctu5'
```
The logs are:
~/Desktop/directus-colima with node(v18.16.1) ⌚ 11:34:27
$ docker compose up
[+] Building 0.0s (0/0) docker:colima
[+] Running 2/0
✔ Container directus-colima-database-1 Created 0.0s
✔ Container directus-colima-directus-1 Created 0.0s
Attaching to directus-colima-database-1, directus-colima-directus-1
directus-colima-database-1 | chown: changing ownership of '/var/lib/postgresql/data': Permission denied
directus-colima-database-1 exited with code 1
directus-colima-directus-1 | [15:34:30.729] INFO: Initializing bootstrap...
directus-colima-directus-1 | [15:34:55.866] ERROR: Can't connect to the database.
directus-colima-directus-1 | [15:34:55.867] ERROR: getaddrinfo ENOTFOUND database
directus-colima-directus-1 | err: {
directus-colima-directus-1 | "type": "Error",
directus-colima-directus-1 | "message": "getaddrinfo ENOTFOUND database",
directus-colima-directus-1 | "stack":
directus-colima-directus-1 | Error: getaddrinfo ENOTFOUND database
directus-colima-directus-1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26)
directus-colima-directus-1 | "errno": -3008,
directus-colima-directus-1 | "code": "ENOTFOUND",
directus-colima-directus-1 | "syscall": "getaddrinfo",
directus-colima-directus-1 | "hostname": "database"
directus-colima-directus-1 | }
directus-colima-directus-1 exited with code 1
The error is:
chown: changing ownership of '/var/lib/postgresql/data':
Simple example:
```yaml
version: '3'
services:
  database:
    image: postgres:15.4-alpine
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'
```
Console:
$ docker compose up
[+] Building 0.0s (0/0) docker:colima
[+] Running 2/0
✔ Network postgresql-colima_default Created 0.0s
✔ Container postgresql-colima-database-1 Created 0.0s
Attaching to postgresql-colima-database-1
postgresql-colima-database-1 | chown: /var/lib/postgresql/data: Permission denied
postgresql-colima-database-1 exited with code 1
Has anyone been able to solve it?
Same use case. Resolved it following @bofm's comment in three easy steps:
1. Stop colima and create override.yaml file
🧨 To start from scratch I deleted all colima profiles first:
```
➜ colima list | awk "/$(uname -m)/ {print \$1}" | while read i ; do colima stop -p ${i} ; colima delete -p ${i} ; done
➜ colima stop
➜ [ -d "${HOME}/.colima/_config" ] || mkdir -vp "${HOME}/.colima/_config"
➜ cat << EOF > ${HOME}/.colima/_config/override.yaml
mountType: 9p
mounts:
  - location: ${HOME}
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: "~"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
EOF
```
2. Edit the template
⚠️ Make sure you have:
mountType: 9p
➜ colima template
3. Then start colima editing the configuration file before start:
⚠️ Make sure you have:
mountType: 9p
➜ colima start --edit
Tried your docker-compose.yaml example:
```yaml
version: '3'
services:
  database:
    image: postgres:15.4-alpine
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'
```
➜ ls -lao
total 8
drwxr-xr-x 3 user 96 Nov 15 08:54 ./
drwxr-xr-x 23 user 736 Nov 15 08:53 ../
-rw-r--r-- 1 user 244 Nov 15 08:49 docker-compose.yaml
➜ docker compose up -d
[+] Building 0.0s (0/0) docker:colima
[+] Running 2/2
✔ Network colima_default Created 0.1s
✔ Container colima-database-1 Started 0.0s
➜ ls -lao
total 8
drwxr-xr-x 4 user 128 Nov 15 08:54 ./
drwxr-xr-x 23 user 736 Nov 15 08:53 ../
drwx------@ 3 user 96 Nov 15 08:54 data/
-rw-r--r-- 1 user 244 Nov 15 08:49 docker-compose.yaml
➜ tree -d data
data
└── database
├── base
│ ├── 1
│ ├── 16384
│ ├── 4
│ └── 5
├── global
├── pg_commit_ts
├── pg_dynshmem
├── pg_logical
│ ├── mappings
│ └── snapshots
├── pg_multixact
│ ├── members
│ └── offsets
├── pg_notify
├── pg_replslot
├── pg_serial
├── pg_snapshots
├── pg_stat
├── pg_stat_tmp
├── pg_subtrans
├── pg_tblspc
├── pg_twophase
├── pg_wal
│ └── archive_status
└── pg_xact
28 directories
➜ docker exec -it colima-database-1 psql -U directus -c '\l'
List of databases
Name | Owner | Encoding | Collate | Ctype | ICU Locale | Locale Provider | Access privileges
-----------+----------+----------+------------+------------+------------+-----------------+-----------------------
directus | directus | UTF8 | en_US.utf8 | en_US.utf8 | | libc |
postgres | directus | UTF8 | en_US.utf8 | en_US.utf8 | | libc |
template0 | directus | UTF8 | en_US.utf8 | en_US.utf8 | | libc | =c/directus +
| | | | | | | directus=CTc/directus
template1 | directus | UTF8 | en_US.utf8 | en_US.utf8 | | libc | =c/directus +
| | | | | | | directus=CTc/directus
(4 rows)
darwin21.0
colima version 0.6.1
limactl version 0.18.0
x86_64
It can't work by path /Users/<username>/.lima/_config in my version, then I chose another path /Users/<username>/.colima/_lima/_config and it works, for reference only
- MBP M1 MacOS Monterey (12.4)
- lima 0.18.0
- colima 0.6.1
Also worked for me. Thanks!
This works but I had override.yaml defined at this path as well /Users/<username>/.lima/_config so make sure you delete this one before defining one at /Users/<username>/.colima/_lima/_config path else it won't allow colima to even start
Also worked for me. Thanks!
This works