Docker command reports abnormal permission denied solution


In the Linux system, newly install docker and enter the command, such as: docker images

The result is abnormal

The simple understanding is that the connection of the current user is rejected

Solution one:

Use administrator privileges, add sudo before the command

Solution two:

Add the current user to the docker user group

sudo groupadd docker #Add docker user group, this user group should already exist
sudo gpasswd -a $USER docker #Add the current user to the docker user group
newgrp docker #Update user group docker

Execute docker images again

This can be used normally

Supplement: Docker -v does not have permission to the mounted directory Permission denied solution

Situation description

Using docker run -d -p 9091:8080 -v /home/daniu/docker/tomcat/webapps/:/usr/local/tomcat/webapps/ –name managertomcat daniu/mytomcat today

After mounting the path, enter the container

[email protected]:/usr/local/tomcat# cd webapps/
[email protected]:/usr/local/tomcat/webapps# ls
ls: cannot open directory '.': Permission denied
[email protected]:/usr/local/tomcat/webapps# 

View webapps prompt no permission.


The security module selinux in centos7 disables permissions.

There are three ways to solve it:

1. Add –privileged=true at runtime

[[email protected] tomcat]$ docker run -d -p 9091:8080 -v /home/daniu/docker/tomcat/webapps/:/usr/local/tomcat/webapps/ --privileged=true --name managertomcat xuhaixing/mytomcat
[[email protected] tomcat]$ ls

2. Temporarily close selinux and then open it again

[[email protected] tomcat]# setenforce 0
[[email protected] tomcat]# setenforce 1

3. Add linux rules and add the directory to be mounted to the selinux whitelist

# Change the format of the security text as follows
chcon [-R] [-t type] [-u user] [-r role] file or directory
Options and parameters: 
-R : All directories under this directory are also modified at the same time; 
-t : followed by the type field of the security text, such as httpd_sys_content_t; 
-u : followed by identification, such as system_u; 
-r : back street target, such as system_r
chcon -Rt svirt_sandbox_file_t /home/daniu/docker/tomcat/webapps/

The above is a personal experience, I hope it can give you a reference, and I hope you can support developpaer a lot. If there are any mistakes or not considered completely, please let me know.