Failing chmod of data mount in entrypoint when running rootless docker with specified --user #802

Closed
raqbit opened this issue Dec 26, 2020 · 1 comment · Fixed by #804

raqbit commented Dec 26, 2020

I'm trying to use the postgres docker image in the rootless docker daemon mode, which means that the entire docker daemon runs inside of a user namespace.

As expected, when I use this mode and mount a local directory, the local directory is owned by an arbitrary high user id (100069), which is mapped to root (uid 0) in the container. But when I then try to change the userid the container runs with to my own host user with --user 1000 (or user: 1000 in compose), the container gets stuck failing to chmod the data directory in the docker-entrypoint.sh:

chmod: /var/lib/postgresql/data: Operation not permitted

I think this error is coming from

chmod 700 "$PGDATA"
(or the non-alpine entrypoint)

but I don't understand why. I verified that the user inside the container is indeed 1000 by replacing the command with id.


Command which can be run with docker rootless mode to reproduce the issue:

docker run --user 1000 -v "$PWD/data:/var/lib/postgresql/data" postgres:alpine

tianon (Member) commented Dec 28, 2020

I was able to reproduce without rootless -- I think the "correct" solution here is to make the chmod not fail (since PostgreSQL itself will validate later, likely with a better error message), but after applying that adjustment I run into the (expected) initdb: could not look up effective user ID 1000: user does not exist (https://github.com/docker-library/docs/tree/6b36a7702d4b98917b50155d7e38dfcdc59fa530/postgres#arbitrary---user-notes).
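
One way to make the chmod non-fatal, as suggested in the comment above. This is an added example, not the image's docker-entrypoint.sh and not the change merged in #804; the function name `tolerant_chmod_datadir` and its ownership and mode report are assumptions, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: a chmod of the data directory that cannot abort an
# entrypoint running under `set -e`, followed by an explicit report of
# why the directory is still unsuitable. Names here are hypothetical.

# tolerant_chmod_datadir DIR
#   Tries to set DIR to mode 0700. A failure (e.g. "Operation not
#   permitted" because the --user uid does not own the mount) is ignored.
#   Returns 0 if DIR is owned by the current uid with no group/other
#   permission bits, 1 otherwise, with a warning on stderr.
tolerant_chmod_datadir() {
    dir=$1

    # `|| :` turns a failed chmod into a no-op instead of a fatal error.
    chmod 700 "$dir" 2>/dev/null || :

    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    me=$(id -u)

    if [ "$owner" != "$me" ]; then
        echo "warning: $dir is owned by uid $owner, running as uid $me" >&2
        return 1
    fi

    case $mode in
        *00) return 0 ;;   # group and other bits are both zero
        *)
            echo "warning: $dir has mode $mode, expected 700" >&2
            return 1
            ;;
    esac
}

# Typical call site in an entrypoint (PGDATA as used on this page):
#   tolerant_chmod_datadir "$PGDATA" || echo "continuing; the server will validate" >&2
```

The return value only drives a warning; the later server-side validation mentioned in the comment remains the check that decides whether startup proceeds.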
