colima: Unable to write to bind mount

colima version 0.2.2
git commit: b2c7697bee2d73e995f156fe8e9870eb246c07e6

runtime: docker
client: v20.10.12
server: v20.10.7

uname -a
Darwin <REDACTED> 21.1.0 Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:23 PDT 2021; root:xnu-8019.41.5~1/RELEASE_X86_64 x86_64

When bind mounting a volume on the host, the filesystem is read-only despite using docker functionality to allow for writing to the host.

Steps to reproduce

Note that :Z is added to the -v parameter.

docker run -v "$(PWD):/output:Z"  bash:latest touch /output/foo.txt
touch: cannot touch '/output/foo.txt': Read-only file system

I’ve also tried

1. docker run -v "$(PWD)/output:z" bash touch /output/foo.txt
2. docker run -v "$(PWD)/output:rw" bash touch /output/foo.txt
3. docker run --privileged -v "$(PWD):/output:Z" bash touch /output/foo.txt
4. docker run -v "$(PWD)/output:rw" --group-add=dialout bash touch /output/foo.txt
5. sudo docker run -v "$(PWD)/output:rw" --group-add=dialout bash touch /output/foo.txt

With the same error

Files appear to be owned by 502:dialout

docker run -v "$(PWD)/CAD:/output:rw" bash ls -al /output
total 260
-rw-r--r-- 1 502 dialout  50758 Jan  7 02:48 MPB2015 Feet v4.f3d
-rw-r--r-- 1 502 dialout 212684 Jan  7 02:42 MPB2015-Feet.stl

Is this a known limitation? A bug? Or a misconfiguration on my part? Any guidance appreciated.

About this issue

  • State: open
  • Created 2 years ago
  • Comments: 26 (4 by maintainers)

Most upvoted comments

When mounting Postgres data, there will be an error. Seems like the same issue.

chown: changing ownership of '/var/lib/postgresql/data': Permission denied

Just a quick update:

I was able to solve this for some use cases. You need to use volumes instead of shared folders:

e.g. for the last docker-compose file use the volume postgres-data as follows:

version: '3'
services:
  db:
    image: "postgres:13.4"
    container_name: api-db
    volumes:
      - postgres-data:/var/lib/postgresql/data:Z
    environment:
      - POSTGRES_USER=apiDbUser
      - POSTGRES_PASSWORD=apiDbPassword
      - POSTGRES_DB=apiDb
    ports:
      - "5433:5432"

So use postgres-data:/var/lib/postgresql/data:Z instead of ./postgres-data:/var/lib/postgresql/data:Z

This issue is REALLY interesting, because the error only happens if a container tries to perform a chown on a folder shared via ssh-fs (which most DB containers tend to do). In my case, I changed to docker volumes for my DB container and was able to write to a shared folder via my dev container while building a specific docker image with the access rights of my current user:

build script (USER and UID are already set via the shell):

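#!/bin/bash

# Tag the image with the current git state and name it after the working directory
VERSION=$(git describe --always --dirty --tags)
CONTAINER=$(basename "$PWD")
GID=$(id -g)

echo "building for $USER ($UID:$GID)"
# Export so the value-less --build-arg flags below take their values from the environment
export UID
export GID
export USER

docker build --build-arg USER --build-arg UID --build-arg GID -t "${CONTAINER}:${VERSION}" .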

Dockerfile:

FROM ghcr.io/baosystems/postgis:13-3.1

ARG USER
ARG UID
ARG GID

RUN adduser -u ${UID} --gid ${GID} ${USER}

ENV TZ=Europe/Berlin
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y \
    curl \
    jq \
    && rm -rf /var/lib/apt/lists/*
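The comment above separates two failure modes seen in this thread: a mount that cannot be written at all, and a mount that accepts writes but refuses chown. The following probe is an added example, not part of the original thread or of colima; `probe_mount` and its result labels are hypothetical names chosen here.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread): classify a mounted directory.
# Prints one of: missing | not-writable | no-chown | writable
probe_mount() {
    dir=$1
    # Optional second argument: the uid:gid a container entrypoint would chown to.
    # Defaults to the caller's own ids, which a normal filesystem always accepts.
    owner=${2:-$(id -u):$(id -g)}

    [ -d "$dir" ] || { echo missing; return 0; }

    probe="$dir/.mount-probe.$$"

    # Step 1: plain file creation. This is what `touch /output/foo.txt` exercised.
    # The subshell contains the redirection failure and hides its error message.
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo not-writable
        return 0
    fi

    # Step 2: ownership change. This is what the Postgres entrypoint exercised
    # when it failed with "chown: ... Permission denied".
    if chown "$owner" "$probe" 2>/dev/null; then
        result=writable
    else
        result=no-chown
    fi

    rm -f "$probe"
    echo "$result"
}

# Stand-alone use: sh probe.sh <directory> [uid:gid]
if [ "$#" -gt 0 ]; then
    probe_mount "$@"
fi
```

Run it inside the container against the mount point, passing the uid:gid the image's entrypoint would chown to; a `no-chown` result points at the named-volume workaround rather than at mount options.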

Please provide a solution - how to create volumes that will be mapped to the host directory. I mean to $HOME/some/directory/postgres-data.

Does the default mount give me write access though? I thought it was read only by default?

Used to be read-only, but changed to writable in version 0.3.0.

@spuder kindly update colima and lima and try again.

brew upgrade lima colima

It’s working now after running colima delete and colima start

@HansG89 maybe you can use a light storage provider (like https://rook.io or https://longhorn.io) to create k8s persistent volumes? Otherwise it should also be possible to use NFS or other network storage options for k8s volumes.

Using local mount paths in k8s is always a dev workaround IMHO, because in production you almost always go with persistent volumes.

Thank you for your ideas. I used k3d to keep the setup as simple as possible. I don’t want to introduce another level of complexity because a developer who should use the setup in his daily business should be able to focus on developing features and not on infrastructure. This is why the host path solution is preferred. Also it’s almost the same as the good old docker-compose setup. Anyway, it would be great if the root cause in NixOS gets fixed as soon as possible 😉


I just upgraded colima and lima, but I’m not seeing that bind mounts don’t work at all

brew upgrade lima colima
colima version 
  colima version 0.3.1
  git commit: 787ae5631ae8de072feef95a509c47fc93308b2e
  
  runtime: docker
  arch: x86_64
  client: v20.10.12
  server: v20.10.11
colima stop
colima delete
colima start
docker run -v "$(PWD):/output" bash touch "/output/foo.txt"
ls | wc -l
0 <-------------- This should say 1 because there should be 1 file named foo.txt in the directory

I’ve reproduced this twice now and I’m pretty sure this is a regression