Docker Mount host directory Docker access appears permission denied solution __docker

Docker mount the host directory, access to the appropriate files Premission denied permission access issues,

[Root@localhost soft]# Docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
Docker.io/centos    7.2.1511            686672a1d0cc        5 weeks ago  
//mount the/soft directory on the host to Docker directory, the front is the host directory, followed by the/soft directory. 
Docker run-i-t-v/soft:/soft 686672a1d0cc/bin/bash

After the mount, view the appropriate file with the following prompts:

[root@ba471da26d07 soft]# ls
ls:cannot access jdk-8u102-linux-x64.tar.gz:permission denied
hadoop-2.7.2.tar.gz  jdk-8u102-linux-x64.tar.gz

   The reason for the problem and the solution is that the
   security module in CentOS7 selinux the permissions, at least in the following three ways to solve the problem of the mounted directory does not have permissions:
   1. When running the container, add privileges to the container and add--privileged= True parameter:
   docker run-i-t-v/soft:/soft--privileged=true 686672a1d0cc/bin/bash
   2. Temporarily close SELinux:
   Setenforce 0
   3. Add SELinux rules to change the security text of the directory you want to mount

# Change the format of the security text as follows Chcon [-r] [-t type] [-u user] [R-Role] file or directory selection is not parameter:-r: Together with the directory of the next directory is also modified; t: Follow the Security article's Type field.  For example, httpd_sys_content_t-u: followed by identification, such as System_u-r: Back street 觇 color, such as System_r [Root@localhost desktop]# chcon--help: Chcon [OPTION] ... Context FILE ... or:chcon [OPTION] ... [-U USER] [R Role] [-L RANGE] [-T TYPE]
File ... Or:chcon [OPTION] ...--reference=rfile file ...
Change the SELinux security context in each FILE to context.

With--reference, change the "security context of" of each FILE to that of Rfile.
      Mandatory arguments to long options are mandatory for short options too. --dereference affect the referent of each symbolic link (this is the default), rather than t        He symbolic link itself-h,--no-dereference affect symbolic links instead an any referenced file-u,--user=user
  Set user user in the target security context-r,--role=role set role in the target security context     -T,--type=type   Set type type in the target security context-l,--range=range set range range in the target security context --no-preserve-root do not treat '/' specially (the default)--preserve-root fail to operate recursively on '
  /'--reference=rfile use Rfile ' s security context rather than specifying a context value -R,--recursive operate on files and directories recursively-v,--verbose output a diagnostic for ever  Y file processed The following options modify how a hierarchy are traversed when the-r option is also specified.

  If more than one was specified, only the final one takes effect.
  -H if a command line argument are a symbolic link to a directory, traverse it                     -l traverse every symbolic link to a directory encountered-p Don't traverse any symbolic links (default)--help Display this HELP and exit--version output version information and exit GNU coreutils online Help: <HTTP://WWW.GNU.ORG/SOFTW
 are/coreutils/> for complete documentation, Run:info coreutils ' Chcon invocation '

To modify the security document for the/soft directory in the host

[Root@localhost desktop]# chcon-rt svirt_sandbox_file_t/soft

[root@ba471da26d07 soft]# ll Total
384264
- Rw-r--r--. 1 root 212046774 Aug  8 10:01 hadoop-2.7.2.tar.gz
-rw-r--r--. 1 root root 181435897 Aug  8 09:23 jdk-8u102- Linux-x64.tar.gz

The relevant resources in the directory can be accessed normally in Docker.

You can also refer to the following links:
https://yq.aliyun.com/articles/53990