Permission issue with Docker for Windows LCOW

[fabwu]

I've tried to start this image with Docker for Windows edge (17.11.0-ce-win40) and enabled linux containers:

docker run --name some-mariadb -e MYSQL_ROOT_PASSWORD=my-secret-pw mariadb

But I get the following permission error:

Initializing database
chmod: changing permissions of '/var/lib/mysql//mysql': Operation not permitted
2017-12-11 17:48:36 140703266805632 [Warning] Can't create test file /var/lib/mysql/e3afdeb273bf.lower-test
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Unable to lock ./ibdata1 error: 95
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Operating system error number 95 in a file operation.
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Error number 95 means 'Operation not supported'
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Cannot open datafile './ibdata1'
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data!
2017-12-11 17:48:36 140703266805632 [ERROR] InnoDB: Database creation was aborted with error Cannot open a file. You may need to delete the ibdata1 file before trying to start up again.
2017-12-11 17:48:36 140703266805632 [ERROR] Plugin 'InnoDB' init function returned error.
2017-12-11 17:48:36 140703266805632 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2017-12-11 17:48:36 140703266805632 [ERROR] mysqld: Can't sync file '/var/lib/mysql/' to disk (Errcode: 13 "Permission denied")
2017-12-11 17:48:36 140703266805632 [ERROR] mysqld: Can't create/write to file '/var/lib/mysql/aria_log_control' (Errcode: 13 "Permission denied")
2017-12-11 17:48:36 140703266805632 [ERROR] mysqld: Got error 'Can't create file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
2017-12-11 17:48:36 140703266805632 [ERROR] Plugin 'Aria' init function returned error.
2017-12-11 17:48:36 140703266805632 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
2017-12-11 17:48:36 140703266805632 [ERROR] Unknown/unsupported storage engine: InnoDB
2017-12-11 17:48:36 140703266805632 [ERROR] Aborting

I guess this should be easy to fix as soon as I figured out how permissions work for this image.

Does anybody has an idea what I can try to fix this problem?

[tianon]

Interesting -- I haven't tried LCOW, but these errors look similar to the types of errors we see for virtualbox shared folders, d4m/d4w file sharing, etc.

I cannot imagine why you're seeing permissions errors without a bind-mount, though.

You could try adding --user mysql to your docker run line (which will essentially skip the in-container chown).

You could also try checking what user owns the directory that the container is creating via something like:

$ docker run --rm mariadb ls -lnd /var/lib/mysql
drwxr-xr-x 2 999 999 4096 Dec 11 23:07 /var/lib/mysql

Then, use whatever the result is for --user, ala --user 999:999 for the above example.

[fabwu]

Yes LCOW sounds promising and I would love to use it because it's so fast comparing to the Hyper-V solution.

I tried docker run --user mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw mariadb but I get the same error message as above.

docker run --rm mariadb ls -lnd /var/lib/mysql prints the following output:

drwxrwxrwt 2 0 0 4096 Dec 12 19:00 /var/lib/mysql

Which means the folder is own by root and the container get started as root which shouldn't be a problem.

But this line from the error log is very interesting:

chmod: changing permissions of '/var/lib/mysql//mysql': Operation not permitted

Looks like chmod uses the work path to change permissions.

@tianon Any idea why there is a wrong path?

[qedrakmar]

While this doesn't appear related to the mariadb image, I'd like to chime in to help explore the issue.

Just to narrow down where the issue is, can you try to run it with an explicit volume mount instead of the default volume (though that may open a whole other can of worms)? Create a C:\SOMEPATH\temp, then throw "-v /c/SOMEPATH/temp:/var/lib/mysql" into the docker run command, and let's see what happens. I'd like to then try it with a couple different file locations (Inside the docker folder structure, in C:\User[DockerUser], etc...) to see if it's resolvable with permissions, if it's inherent in LCOW's behavior, or if it's something else entirely.

[qedrakmar]

Also, here's some additional links, just for everyone playing along with the home game.

moby/moby#35297
moby/moby#35425
and last but apparently most relevant: https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers which explicitly mentions mysql and mariadb as having issues related to limitations in current bind mount implementation, which means my previous suggestion of trying explicit volumes probably won't work (but couldn't hurt to try).

[fabwu]

@qedrakmar Thanks for the links! I tried the following commands but with no luck:

docker run -v "C:\Users\fabian\temp/:/var/lib/mysql" -e MYSQL_ROOT_PASSWORD=my-secret-pw mariadb

docker run -v "C:\www\temp/:/var/lib/mysql" -e MYSQL_ROOT_PASSWORD=my-secret-pw mariadb

Mariadb creates some file in the temp-Folder but same error message.

I keep this bug open although it's not a image issue but maybe it's interesting someone else.

[los93sol]

Similar issues anytime I try to use a volume on any image. Looks like lots of people are running into similar issues, has there been any progress or workaround?

[liquidboy]

cross referencing to LCOW moby issue moby/moby#33850

[mtudor]

Seems related to moby/moby#35665 also.

It's not ideal, but I was able to get the image working by changing the mariadb data directory to a location that isn't mapped to a volume by default. Of course it won't be persisted this way, but at least it runs...

Dockerfile looks like this:

FROM mariadb
RUN sed -ri -e 's!^datadir(\s*)=(\s*)(.*)$!datadir\1=\2/var/lib/mysql-local!g' /etc/mysql/my.cnf

[tianon]

Why not just change CMD to change the datadir either at runtime or in your derived image? (less error-prone than a sed IMO)

$ docker run ... mariadb:X.Y --datadir /var/lib/mysql-local

or

FROM mariadb:X.Y
CMD ["--datadir", "/var/lib/mysql-local"]

[mtudor]

Perfect, thanks @tianon - I was hoping my comment might spur some alternative suggestions :)

[strarsis]

@tianon:
On WSL with Docker for Windows I get an error

mkdir: cannot create directory '/var/lib/mysql-local/': Permission denied

using CMD ["--datadir", "/var/lib/mysql-local"].

[mtudor]

@strarsis This is an informed guess (as I haven't tried it) but perhaps either:

1. continue using the --datadir parameter but add a specific mkdir and chown command to your Dockerfile for the new data directory;
   RUN mkdir /var/lib/mysql-local && chown mysql:mysql /var/lib/mysql-local

2. or use my original sed option above.

It looks like mariadb runs under a mysql user that does not have permission to write to /var/lib. When you use the --datadir parameter, mariadb attempts to create the directory but cannot.

[wglambert]

Original issue seems resolved so going to close