
Docker permission denied with volume


I'm trying to start an Nginx container that serves static content located on the host, in /opt/content.

The container is started with:

docker run -p 8080:80 -v /opt/content:/usr/share/nginx/html nginx:alpine

And Nginx keeps giving me 403 Forbidden. Moreover, when trying to inspect the content of the directory, I got strange results:

$ docker exec -i -t inspiring_wing /bin/sh
/ # ls -l /usr/share/nginx/
total 4
drwxrwxrwx    3 root     root          4096 Aug 15 08:08 html
/ # ls -l /usr/share/nginx/html/
ls: can't open '/usr/share/nginx/html/': Permission denied
total 0

I ran chmod -R 777 /opt/ to be sure there are no restrictions on the host, but it didn't change anything. I also tried adding the :ro flag to the volume option, with no luck.

How can I make the mounted volume readable by the container?

UPDATE: here are the full steps I did to reproduce this problem (as root, and with another directory to start from a clean config):

mkdir /public
echo "Hello World" > /public/index.html
chmod -R 777 /public
docker run -p 8080:80 -d -v /public:/usr/share/nginx/html nginx:alpine
docker exec -i -t inspiring_wing /bin/sh
ls -l /usr/share/nginx/html

And this last command inside the container returns: ls -l /usr/share/nginx/html. Of course, replace inspiring_wing with the name of the created container.


Solution

  • The problem was caused by SELinux, which prevented Docker from accessing the file system.

    If someone has the same problem as in this post, here is how to check if it's the same situation:

    1/ Check SELinux status: sestatus. If the mode is enforcing, it may block Docker from accessing the filesystem.

    # sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Memory protection checking:     actual (secure)
    Max kernel policy version:      31
    

    2/ Change mode to permissive: setenforce 0. There should be no more restrictions on Docker.
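
A way to confirm that SELinux is what denies the container, as an added example that is not part of the original answer: it filters audit records for AVC denials raised against container processes and lists the host labels involved. The function names and the sample records are constructed for illustration; on a real host the input would come from `ausearch -m avc -ts recent`.

```bash
#!/usr/bin/env bash
# Added example. Sample audit records are constructed, not from the original post.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1565856512.101:410): avc:  denied  { read } for  pid=4121 comm="ls" name="html" dev="dm-0" ino=131 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1565856513.207:411): avc:  denied  { read open } for  pid=4098 comm="nginx" name="index.html" dev="dm-0" ino=132 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1565856520.555:412): avc:  denied  { getattr } for  pid=900 comm="chronyd" name="drift" dev="dm-0" ino=77 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1565856520.555:412): arch=c000003e syscall=4 success=no exit=-13'

# Reads audit records on stdin and prints one line per denial whose source
# domain is a container domain (container_t, or svirt_lxc_net_t on older
# policies): "<comm> <perms> <tclass> <name> <target_type>".
container_avc_denials() {
  awk '
    /avc:[ ]+denied/ {
      comm = name = stype = ttype = tclass = perms = ""; inperm = 0
      for (i = 1; i <= NF; i++) {
        # Permissions are the words between "{" and "}".
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perms = (perms == "" ? "" : perms ",") $i; continue }
        n = split($i, kv, "=")
        if (n < 2) continue
        gsub(/"/, "", kv[2])
        if (kv[1] == "comm") comm = kv[2]
        else if (kv[1] == "name") name = kv[2]
        else if (kv[1] == "tclass") tclass = kv[2]
        # An SELinux context is user:role:type:level; the type is field 3.
        else if (kv[1] == "scontext") { split(kv[2], c, ":"); stype = c[3] }
        else if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
      }
      if (stype == "container_t" || stype == "svirt_lxc_net_t")
        print comm, perms, tclass, name, ttype
    }'
}

# Lists the distinct target types that are not the container file label,
# i.e. host content a bind mount exposed without relabelling.
mislabelled_targets() {
  container_avc_denials | awk '$5 != "container_file_t" { print $5 }' | sort -u
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT_LOG" | container_avc_denials
```

If the denied targets carry a type other than container_file_t, mounting with the `:Z` (private) or `:z` (shared) volume suffix, for example `-v /public:/usr/share/nginx/html:Z`, has Docker relabel the directory so SELinux can stay in enforcing mode.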