docker-compose with podman won't allow to run entrypoint

I use Fedora 35 Silverblue. I followed this article on how to make podman and docker-compose friends in rootless mode.

I made a simple project:

.
├── docker-compose
│   └── app
│       ├── Dockerfile
│       └── entrypoint.sh
└── docker-compose.yml

Permissions for docker-compose/app/entrypoint.sh are -rwxrwxr-x..

docker-compose.yml:

version: '3.7'
services:
  app:
    container_name: app
    image: app
    build:
      context: .
      dockerfile: docker-compose/app/Dockerfile
    volumes:
      - .:/usr/src/app
    entrypoint: docker-compose/app/entrypoint.sh

docker-compose/app/Dockerfile:

FROM ruby

WORKDIR /usr/src/app

docker-compose/app/entrypoint.sh:

#!/bin/bash

echo "Hello world"

When I run docker-compose up --build I receive:

Removing app
Building app
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
STEP 1/2: FROM ruby
STEP 2/2: WORKDIR /usr/src/app
--> Using cache 39d51dee76399b2b7f06dc174e240f55b57acf4608a639146c0f67fd22b5bdb6
COMMIT app
--> 39d51dee763
Successfully tagged localhost/app:latest
Successfully tagged localhost/test-compose_app:latest
39d51dee76399b2b7f06dc174e240f55b57acf4608a639146c0f67fd22b5bdb6
Recreating 9b852c5536a3_app ... done
Attaching to app
app    | /bin/bash: /usr/src/app/docker-compose/app/entrypoint.sh: Permission denied
app exited with code 126

So, it can run the entrypoint but can't access bash inside the container, as far as I understand.

The same project runs OK on macOS with Docker, though. If I copy the entrypoint in the Dockerfile it works, but I don't want to rebuild my image every time I change something in the entrypoint.

Is there a possibility to resolve this issue?

Thank you in advance

UPD: It doesn't work even if the entrypoint is copied.

docker-compose/app/Dockerfile:

FROM ruby

COPY docker-compose/app/entrypoint.sh /entrypoint.sh

ENTRYPOINT /entrypoint.sh

WORKDIR /usr/src/app

docker-compose/app/entrypoint.sh:

#!/bin/bash

echo "Hello world"

whoami

pwd

ls -la .

$ docker-compose up --build
Building app
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
STEP 1/4: FROM ruby
STEP 2/4: COPY docker-compose/app/entrypoint.sh /entrypoint.sh
--> Using cache 6da30c949d2f7c7cf1f4a293c3f4aebe23843e87a124317afafe67cdc117e6ab
--> 6da30c949d2
STEP 3/4: ENTRYPOINT /entrypoint.sh
--> Using cache 6fdcaf571d83ac713235b0bb3c816f707b4257b6f55911675ef65a91d981c41d
--> 6fdcaf571d8
STEP 4/4: WORKDIR /usr/src/app
--> Using cache 70f7f580ac7dd13fdace59fe2bc26c694105f76e9c87a33fc24b38299438b216
COMMIT app
--> 70f7f580ac7
Successfully tagged localhost/app:latest
70f7f580ac7dd13fdace59fe2bc26c694105f76e9c87a33fc24b38299438b216
Recreating app ... done
Attaching to app
app    | Hello world
app    | root
app    | /usr/src/app
app    | ls: cannot open directory '.': Permission denied
app exited with code 2

Seems like the user inside the container lacks the permissions, but the user is root...


Solution

  • It looks like you're running on a system running SELinux. You need to modify your bind mount to modify the labelling of your file to make it accessible inside the container:

    version: '3.7'
    services:
      app:
        container_name: app
        image: app
        build:
          context: .
          dockerfile: docker-compose/app/Dockerfile
        volumes:
          - .:/usr/src/app:z
        entrypoint: docker-compose/app/entrypoint.sh
    Note the :z added to the bind mount.
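As an added example that is not part of the question or the answer, a small POSIX shell helper that applies the fix above to compose bind-mount specs and checks a host directory's SELinux type with `ls -Zd`; the function names and the compose short volume syntax SOURCE:TARGET[:MODE] are my assumptions, and the comments spell out the difference between :z (shared) and :Z (private) that matters when choosing one.

```shell
#!/bin/sh
# Added example (not the question's or the answer's code): pre-flight helper for compose
# bind mounts on an SELinux host such as Fedora Silverblue with rootless podman.

# File types that a container process (container_t) may read and write;
# svirt_sandbox_file_t is the older name, kept as an alias in current policies.
label_type_ok() {
  case "$(printf '%s' "$1" | cut -d: -f3)" in
    container_file_t|svirt_sandbox_file_t) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a volume spec with a relabel option added when it is a bind mount lacking one.
# $2: "z" = shared label usable by every container (default); "Z" = private MCS label,
#     readable only by this container (prefer it when the directory is not shared).
add_relabel() {
  spec=$1
  opt=${2:-z}
  case "$spec" in *:*) ;; *) printf '%s\n' "$spec"; return 0 ;; esac  # anonymous volume
  src=${spec%%:*}
  rest=${spec#*:}
  case "$src" in
    /*|./*|../*|.|..) ;;                          # host path: a bind mount
    *) printf '%s\n' "$spec"; return 0 ;;        # named volume: podman labels it itself
  esac
  case "$rest" in
    *:*)                                          # TARGET:MODE given
      mode=${rest#*:}
      case ",$mode," in
        *,z,*|*,Z,*) printf '%s\n' "$spec" ;;    # already relabelled
        *) printf '%s\n' "$spec,$opt" ;;
      esac ;;
    *) printf '%s:%s\n' "$spec" "$opt" ;;        # TARGET only, as in the question
  esac
}

# Report whether a host directory already carries a container-accessible label.
# :z/:Z relabel the tree recursively and persistently on the host, so point them only at
# a dedicated project directory (as in the question), never at $HOME or a system path.
check_host_label() {
  label=$(ls -Zd "$1" | awk '{print $1}')
  if label_type_ok "$label"; then
    printf '%s: %s (ok)\n' "$1" "$label"
  else
    printf '%s: %s (container_t cannot access it; add :z or :Z)\n' "$1" "$label"
    return 1
  fi
}
```

Source the file and run `check_host_label .` on the project directory, or pipe each `volumes:` entry through `add_relabel` before editing the compose file.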