English
« Back to projectatomic.io
Ask Your Question
1

403 forbidden when accessing volume via apache in docker container

asked 2014-06-30 03:32:56 +0000

andrew gravatar image

I'm trying to add a volume to a docker container. I get 403 permission denied from apache when accessing outside of my atomic vm. I've forwarded port 80 of my VM to the vm host.

In the VM I have a user and a directory in the users home. /home/test/code/index.php. I run,

docker run -d -p 80:80 -v /home/test/code:/app tutum/apache-php

I always get 403 forbidden unless i run,

docker run -d -p 80:80 -v /code:/app tutum/apache-php

where ive chmod 777 /code. im guessing this is selinux related as it works fine from home dirs on coreos. Another directory i tried was /opt/test/code, even with /opt/test/code chmod'd to 777 get a 403. I think this is because the sim link /opt -> /var/opt which is owned by root.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-12-11 16:17:19 +0000

This could be an SElinux issue, since the container and host SELinux contexts are separate. Try labeling the source directory on the host as svirtsandboxfile_t and see if the container can get access.

chcon -Rt svirt_sandbox_file_t /home/test/code

If it is SELinux on the Atomic host you should see AVC messages in the audit log, which you can find with the standard ausearch commands.

ausearch -m avc
edit flag offensive delete link more

Comments

I had also problems with volume permissions managed via kubernetes pod. After set the volume inside a dockerfile and build an image it works fine. I've read the directory have to exist inside the container. If it not exists it will be created as root.

pwFoo ( 2015-01-13 19:41:40 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2014-06-30 03:32:56 +0000

Seen: 6,739 times

Last updated: Dec 11 '14