Error mapping file into docker container

Specifically, for Docker on Windows, VirtualBox version, in conjunction with WSL. When I run ‘docker-compose up’, I get this error:

ERROR: for 125f20ccead0_lempr_web_1 Cannot start service web: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"/d/Code/lempr/web/nginx.conf\\\" to rootfs \\\"/mnt/sda1/var/lib/docker/aufs/mnt/065f6aacb3ee01072637ae0544f50a9b772df662ea8e7e3dc2d663d87d7e1a4f\\\" at \\\"/mnt/sda1/var/lib/docker/aufs/mnt/065f6aacb3ee01072637ae0544f50a9b772df662ea8e7e3dc2d663d87d7e1a4f/etc/nginx/nginx.conf\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

I checked to make sure nginx.conf exists both outside and inside the container.

Then I tried to map the file to a different location, and it gets created as a directory inside the container!

I tried various suggestions from the internet:

  • Restart the host machine
  • Map /mnt/c to /c
  • Share the /c drive to the docker-machine VM inside VirtualBox
    • To do so, open VirtualBox
    • Select the ‘default’ machine
    • Go to settings
    • Go to ‘shared folders’
    • Click add
    • Add C and D as shares
    • Attach a console to the machine to make sure the share works

To no avail. Meanwhile the same docker-compose works just fine on my Mac.

So I concluded WSL mapping and docker for Windows’ mapping can’t handle this use case at all and I should switch to a *nix OS for the task.

Windows seems to be unable to handle this setup

Docker-Machine (in Virtualbox) -> Windows -> WSL

It seems there’s a problem with mapping paths from the docker-compose VM to Windows, not a problem with WSL, since trying within Docker’s MINGW command line yields the same result as WSL’s.

 

How to fix “Host ‘172.x.0.1’ is not allowed to connect” with MySQL Docker

Using the official MariaDB docker image from Docker Hub, I got this error

Host '172.18.0.1' is not allowed to connect to this MySQL server

I tried adding a shared volume after some google search, but that didn’t work

  volumes:
    # Use this option to persist the MySQL DBs in a shared volume.
    - ./mysqldata:/var/lib/mysql:rw,delegated

Turns out it’s an authentication problem, not a connection problem. By default MariaDB doesn’t give the root user permission to connect from everywhere, just localhost, so you’ll need to run

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Run it by going into the container and executing the mysql command-line tool.

Alternatively, you can do

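  environment:
    # List-style entries are passed verbatim, so quotes around a value
    # would become part of the value itself; leave them out.
    - MYSQL_ROOT_HOST=%
    - MYSQL_USER=youruser
    - MYSQL_PASSWORD=yourpassword
    - MYSQL_DATABASE=yourdb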

The entrypoint script only disallows root from connecting from any host, so if you create a new user you won’t get this limitation.
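
The new-user route mentioned above can also be done by hand in the mysql client, which keeps root off the network. This is an added example, not taken from the original post or from the MariaDB image; the names yourdb and app, the placeholder password and the 172.18.% host pattern (chosen to match the 172.18.0.1 address in the error) are assumptions.

```sql
-- Added example: a scoped application account instead of 'root'@'%'.
-- Assumed names: database `yourdb`, user `app`. The host pattern must
-- match the subnet of your compose network (see `docker network inspect`).

CREATE DATABASE IF NOT EXISTS `yourdb`;

-- The account is only valid for clients on the Docker bridge subnet,
-- so the same credentials are rejected from any other source address.
CREATE USER IF NOT EXISTS 'app'@'172.18.%'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';  -- placeholder, not a real secret

-- Data access on one schema only: no global privileges, no GRANT OPTION.
-- Add CREATE, ALTER, INDEX, DROP here only if the application runs its
-- own schema migrations.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON `yourdb`.* TO 'app'@'172.18.%';

-- Audit 1: which accounts accept connections from any host?
SELECT User, Host
  FROM mysql.user
 WHERE Host = '%';

-- Audit 2: confirm the new account has exactly the grants above.
SHOW GRANTS FOR 'app'@'172.18.%';

-- Cleanup: if an earlier GRANT created 'root'@'%', remove it once the
-- application connects as `app`. Run this only after Audit 1 shows that
-- 'root'@'localhost' still exists, so local administration keeps working.
DROP USER IF EXISTS 'root'@'%';
```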

 

Note on installing MailWizz

Mailwizz has a pretty convenient ‘one-command install’ available here. However I hit a snag when trying to run it

RUN schema.sql…
/root/mailwizz-install.sh: line 7: /var/www/mailwizz/html/apps/common/data/install-sql/schema.sql: Permission denied

The reason is that SELinux doesn’t allow the Docker daemon to read anything outside the /usr/ directory. To give Docker permission you need to use the z option. According to Project Atomic:

If you want to volume mount content under /var, for example, into a container you need to set the labels on this content. In the docker run man page we mention this.

man docker-run
...
When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the /var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog.

To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to the host directory:

# chcon -Rt svirt_sandbox_file_t /var/db

This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).

This patch adds support for z and Z as options on the volume mounts (-v).

For example:

  docker run -v /var/db:/var/db:z rhel7 /bin/sh

Will automatically do the chcon -Rt svirt_sandbox_file_t /var/db described in the man page.

Even better, you can use Z.

  docker run -v /var/db:/var/db:Z rhel7 /bin/sh

This will label the content inside the container with the exact MCS label that the container will run with, basically it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db where s0:c1,c2 differs for each container.

 

In essence, after you encounter the error above, navigate to the docker-compose.yml file and add ‘:z’ to the volumes, like this:


mailwizz-php:
  build: .
  dockerfile: php-fpm/Dockerfile
  container_name: mailwizz-php
  volumes:
    # :z applies the shared SELinux label; this directory is also
    # mounted by mailwizz-webserver, so the private :Z label would not fit.
    - ./mailwizz:/var/www/mailwizz:z

...
mailwizz-webserver:
  build: .
  dockerfile: caddy/Dockerfile
  container_name: mailwizz-webserver
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
    - ./caddy/Caddyfile:/etc/Caddyfile:z
    - ./caddy/certs:/root/.caddy:z

Then, rebuild the images with

docker-compose up --build --force-recreate --remove-orphans -d

Finally, run the installation command

docker exec -it mailwizz-php /root/mailwizz-install.sh

And voilà! Your Mailwizz server is now up and running.