#StackBounty: #linux #ubuntu #permissions #docker Permission denied (for entry point) on container start

Bounty: 50

For a few days now, I haven’t been able to run any Docker containers on my machine (Ubuntu 18.04). Whenever I try to run/start a container, I receive an error which says that the entrypoint file can’t be executed:

$ sudo docker run --name test nginx
sh: 0: Can't open /docker-entrypoint.sh

or

$ docker run --name test2 mongo:4.0
WARNING: Error loading config file: /home/myUser/.docker/config.json: stat /home/myUser/.docker/config.json: permission denied
/bin/bash: /usr/local/bin/docker-entrypoint.sh: Permission denied

The second error message leads me to the conclusion that I might have an access problem with the whole Docker VM. So, this is the current permission setting on the .docker folder:

$ sudo ls -l /home/myUser/.docker
total 4
drwx------ 5 root root 4096 Nov 21  2019 machine

From my point of view, it should be fine (at least when the docker run/start command is executed as superuser…). Hence, it must be somewhere else.

What I tried/consulted so far:

  • reinstall docker => worked fine until the next reboot…
  • this post for permission issues when the entrypoint file is copied into the container from the host (which doesn’t apply to my case where no pre-built image is started…)
  • desperately scraping the web for other relevant posts without luck

I’m open to any suggestions and would be glad to deliver further details about my setting if necessary.


Edit: I followed the instructions on docker for the installation and used apt-get.

I don’t get any results when executing env | grep DOCKER

Below is the result of docker info:

$ docker info
WARNING: Error loading config file: /home/myUser/.docker/config.json: stat /home/myUser/.docker/config.json: permission denied
Client:
 Debug Mode: false

Server:
 Containers: 9
  Running: 0
  Paused: 0
  Stopped: 9
 Images: 21
 Server Version: 19.03.11
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: 
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.3.0-53-generic
 Operating System: Ubuntu Core 16
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.54GiB
 Name: my-laptop
 ID: ****:****:some:code
 Docker Root Dir: /var/snap/docker/common/var-lib-docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Edit 2 (or rather a fun fact): I can run the hello-world example from docker. So, the problem is that the permissions inside the docker container aren’t enough… why?

Edit 3: Thanks to @Sysadmin, I could remove the warning during the load of config.json by following the instructions of this post
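
Added example, not part of the original post: the docker info output above reports a Docker Root Dir under /var/snap, while the post says the installation was done with apt-get, so this sketch classifies a daemon by that field and checks who owns the client config directory. The helper names (info_field, classify_root, owned_by, report) are hypothetical, and the sample input is copied from the output shown in the post.

```shell
#!/bin/sh
# Added example: classify a Docker daemon by the "Docker Root Dir" field of
# `docker info`, and check ownership of the client config directory.

# Print the value of one "Key: value" field from `docker info` text on stdin.
info_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Snap packages keep their state under /var/snap/<name>/; the apt packages
# default to /var/lib/docker. Anything else is a custom data root.
classify_root() {
    case "$1" in
        /var/snap/*)     echo snap ;;
        /var/lib/docker) echo deb-default ;;
        *)               echo custom ;;
    esac
}

# Report whether directory $1 is owned by user name $2.
owned_by() {
    [ -d "$1" ] || { echo missing; return; }
    owner=$(ls -ld "$1" | awk '{print $3}')
    if [ "$owner" = "$2" ]; then echo ok; else echo "owned-by-$owner"; fi
}

# Constructed sample: three lines taken from the docker info output in the post.
SAMPLE_INFO=' Server Version: 19.03.11
 Operating System: Ubuntu Core 16
 Docker Root Dir: /var/snap/docker/common/var-lib-docker'

# Summarise which kind of installation the answering daemon belongs to.
report() {
    root=$(printf '%s\n' "$1" | info_field 'Docker Root Dir')
    echo "data root: $root ($(classify_root "$root"))"
}

report "$SAMPLE_INFO"
# On a live host:
#   report "$(docker info 2>/dev/null)"
#   owned_by "$HOME/.docker" "$(id -un)"
```

A result of "snap" on a host where Docker was installed with apt-get means the client is talking to a different daemon package than the one that was installed on purpose; comparing `command -v docker` with the package lists confirms which one is on the PATH.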

