Permission Denied Errors on MySQL Files After Upgrading to New Docker Version #257

Open
alexandremsouza1 opened this issue Nov 9, 2024 · 3 comments


Description

After upgrading to the latest Docker version, I encountered multiple permission-related errors when attempting to change ownership on MySQL files within the /var/lib/mysql directory. These errors prevent the application from accessing essential MySQL data and include the following messages:

2024-11-08 23:29:47 chown: changing ownership of '/var/lib/mysql/mysql.sock': Operation not permitted
2024-11-08 23:29:47 chown: cannot access '/var/lib/mysql/auto.cnf': Permission denied
2024-11-08 23:29:47 chown: cannot access '/var/lib/mysql/binlog.000004': Permission denied
2024-11-08 23:29:47 chown: cannot access '/var/lib/mysql/ib_buffer_pool': Permission denied
2024-11-08 23:29:47 chown: cannot access '/var/lib/mysql/binlog.000005': Permission denied
2024-11-08 23:29:47 chown: cannot access '/var/lib/mysql/binlog.000014': Permission denied

Reproduce

  1. Update Docker to the latest version.
  2. Use Docker Compose with version 4.34 to define a MySQL container. My docker-compose.yaml file is configured with MySQL and includes the following specifications:
    [ In Additional Info]
  3. Run the MySQL container and attempt to set chown permissions on the /var/lib/mysql directory.
  4. Observe permission errors on MySQL files as listed above.

Expected behavior

No response

docker version

Client: Docker Engine - Community
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:40:59 2024
 OS/Arch:           linux/amd64
 Context:           desktop-linux

Server: Docker Desktop 4.35.1 (173168)
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.3.1
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1-desktop.1
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7-desktop.1
    Path:     /usr/lib/docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.37
    Path:     /usr/lib/docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Alpha) (Docker Inc.)
    Version:  v0.0.15
    Path:     /usr/lib/docker/cli-plugins/docker-desktop
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /usr/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.27
    Path:     /usr/lib/docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /usr/lib/docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.3.0
    Path:     /usr/lib/docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.14.0
    Path:     /usr/lib/docker/cli-plugins/docker-scout

Server:
 Containers: 7
  Running: 1
  Paused: 0
  Stopped: 6
 Images: 12
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.10.11-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 3.714GiB
 Name: docker-desktop
 ID: d5dfc322-deca-4216-b4cb-a51c7db89840
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///home/alexandre/.docker/desktop/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Diagnostics ID

6702D0A6-6A45-4CBD-9C89-5302B8B37473/20241109022826

Additional Info

version: "3.9"
services:
  db:
    image: mysql:8.0.30
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - ./wordpress:/var/www/html
      - ./plugins:/var/www/html/wp-content/plugins
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress

@Nikhil-Gohil

Nikhil-Gohil commented Nov 12, 2024

I am seeing similar permission issues after I updated from Docker Desktop 4.34.1 --> 4.35.1.

All of my preexisting containers fail to spin up because inside the container, there are no permissions to write to the default "/config" folder that I have bind mounted.

Docker compose has this setup for a container:

    volumes:
      - "~/config/sonarr:/config"
      - "/mnt/data:/data"

When I spin up the container, I see errors like:

2024-11-12 12:27:15 [v4.0.10.2624] NzbDrone.Common.Exceptions.SonarrStartupException: Sonarr failed to start: AppFolder /config is not writable

Inside the container:

/ # whoami
root

/ # ls -ld /config
drwxrwxr-x 8 root root 4096 Nov 11 12:03 /config

/ # touch  /config/write_test.txt
touch: cannot touch '/config/write_test.txt': Permission denied

From the host system:

UbuntuLTS-Server:~$ whoami
nikhil

UbuntuLTS-Server:~$ ls -ld ~/config/sonarr/
drwxrwxr-x 8 100999 100999 4096 Nov 11 12:03 /home/nikhil/config/sonarr/

UbuntuLTS-Server:~$ touch ~/config/sonarr/write_test.txt
touch: cannot touch '/home/nikhil/config/sonarr/write_test.txt': Permission denied

UbuntuLTS-Server:~$ sudo touch ~/config/sonarr/write_test.txt
UbuntuLTS-Server:~$ 

On the host system, the files show up as owned by uid 100999, and I can edit them after I become root.
Inside the container, it shows the directory as owned by root, and even when I am the root user, I am unable to create/edit files in the directory.

I am unsure if this is a similar issue that you have flagged but thought I would post here first nonetheless.
I attempted to --force-recreate, that did not help.

docker version

Client: Docker Engine - Community
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:40:59 2024
 OS/Arch:           linux/amd64
 Context:           desktop-linux

Server: Docker Desktop 4.35.1 (173168)
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.3.1
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1-desktop.1
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7-desktop.1
    Path:     /usr/lib/docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.37
    Path:     /usr/lib/docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Alpha) (Docker Inc.)
    Version:  v0.0.15
    Path:     /usr/lib/docker/cli-plugins/docker-desktop
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /usr/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.27
    Path:     /usr/lib/docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /usr/lib/docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.3.0
    Path:     /usr/lib/docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.14.0
    Path:     /usr/lib/docker/cli-plugins/docker-scout

Server:
 Containers: 20
  Running: 18
  Paused: 0
  Stopped: 2
 Images: 65
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.10.11-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 6
 Total Memory: 1.846GiB
 Name: docker-desktop
 ID: 1e6a09e0-54e0-459b-bf3b-85bf422b99a9
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///home/nikhil/.docker/desktop/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

version: "3.7"

services:
  sonarr:
    container_name: sonarr
    image: ghcr.io/hotio/sonarr:nightly
    ports:
      - "8989:8989"
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=002
      - TZ=America/Los_Angeles
    restart: unless-stopped
    volumes:
      - "~/config/sonarr:/config"
      - "/mnt/data:/data"
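
Added example, not part of the thread: the host-side owner 100999 shown in the comment above is the value that Docker Desktop for Linux's documented ID mapping gives for container ID 1000 (the `PUID` in the compose file), assuming a subordinate-ID range that starts at 100000. The `/etc/subuid` line and the host UID 1000 below are constructed, since neither appears in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed mapping (Docker Desktop for Linux file sharing, not stated in this thread):
#   container ID 0     -> the host user's own ID
#   container ID n > 0 -> subid_start + n - 1  (first /etc/subuid entry of that user)

# subid_start USER FILE: start of USER's first range in a subuid/subgid-format file
subid_start() {
    awk -F: -v u="$1" '$1 == u { print $2; exit }' "$2"
}

# container_to_host CONTAINER_ID HOST_ID SUBID_START: ID as seen on the host
container_to_host() {
    if [ "$1" -eq 0 ]; then
        echo "$2"
    else
        echo $(( $3 + $1 - 1 ))
    fi
}

# host_to_container OWNER_ID HOST_ID SUBID_START SUBID_COUNT
# Prints the container ID that owns a host file, or "unmapped" when the owner
# lies outside the mapping and cannot be represented inside the container.
host_to_container() {
    if [ "$1" -eq "$2" ]; then
        echo 0
    elif [ "$1" -ge "$3" ] && [ "$1" -lt $(( $3 + $4 )) ]; then
        echo $(( $1 - $3 + 1 ))
    else
        echo unmapped
    fi
}

# Constructed sample input: one subuid line and host UID 1000.
sample=$(mktemp)
printf 'nikhil:100000:65536\n' > "$sample"
start=$(subid_start nikhil "$sample")
echo "container 1000 -> host $(container_to_host 1000 1000 "$start")"
echo "host 100999    -> container $(host_to_container 100999 1000 "$start" 65536)"
echo "host 0 (root)  -> container $(host_to_container 0 1000 "$start" 65536)"
rm -f "$sample"
```

On a real host, feed `host_to_container` the output of `stat -c %u` on the bind-mount source and the range from the user's own `/etc/subuid` entry; an `unmapped` result means the owner is an ID the container cannot hold.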

@matmis

matmis commented Nov 24, 2024

@Nikhil-Gohil, I have the same issue after upgrading Docker Desktop to 4.36.0. Did you find a solution? Downgrading to Docker Desktop 4.34.3 fixed it again for me.

@zagumaar

Using Ubuntu 22.04, I can confirm I have the same issue on 4.37.1; rolling back to 4.34.3 fixes the problem.
