在CENTOS7上挂载宿主机目录到容器中时,出现了目录拒绝访问的问题,尝试了修改文件夹权限及属主,都没用。在看了csdn的一篇文章后,恍然大悟。
解决方法
1.在运行容器的时候,给容器加特权,及加上 –privileged=true 参数:
docker run -i -t -v /soft:/soft –privileged=true 686672a1d0cc /bin/bash
2.关闭selinux:
setenforce 0
3.添加selinux规则,改变要挂载目录的安全文本
# 更改安全性文本的格式如下 chcon [-R] [-t type] [-u user] [-r role] 文件或者目录 选顷不参数: -R :连同该目录下癿次目录也同时修改; -t :后面接安全性本文的类型字段!例如 httpd_sys_content_t ; -u :后面接身份识别,例如 system_u; -r :后面街觇色,例如 system_r [root@localhost Desktop]# chcon --help Usage: chcon [OPTION]... CONTEXT FILE... or: chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE... or: chcon [OPTION]... --reference=RFILE FILE... Change the SELinux security context of each FILE to CONTEXT. With --reference, change the security context of each FILE to that of RFILE. Mandatory arguments to long options are mandatory for short options too. --dereference affect the referent of each symbolic link (this is the default), rather than the symbolic link itself -h, --no-dereference affect symbolic links instead of any referenced file -u, --user=USER set user USER in the target security context -r, --role=ROLE set role ROLE in the target security context -t, --type=TYPE set type TYPE in the target security context -l, --range=RANGE set range RANGE in the target security context --no-preserve-root do not treat '/' specially (the default) --preserve-root fail to operate recursively on '/' --reference=RFILE use RFILE's security context rather than specifying a CONTEXT value -R, --recursive operate on files and directories recursively -v, --verbose output a diagnostic for every file processed The following options modify how a hierarchy is traversed when the -R option is also specified. If more than one is specified, only the final one takes effect. -H if a command line argument is a symbolic link to a directory, traverse it -L traverse every symbolic link to a directory encountered -P do not traverse any symbolic links (default) --help display this help and exit --version output version information and exit GNU coreutils online help: <http://www.gnu.org/software/coreutils/> For complete documentation, run: info coreutils 'chcon invocation'
在主机中修改/soft目录的安全性文档
[root@localhost Desktop]# chcon -Rt svirt_sandbox_file_t /soft [root@ba471da26d07 soft]# ll total 384264 -rw-r--r--. 1 root root 212046774 Aug 8 10:01 hadoop-2.7.2.tar.gz -rw-r--r--. 1 root root 181435897 Aug 8 09:23 jdk-8u102-linux-x64.tar.gz