moby: docker cp gives 'operation not permitted' but does still copy file

Output:

$ docker version
Client version: 0.8.0
Go version (client): go1.2
Git commit (client): cc3a8c8
Server version: 0.8.0
Git commit (server): cc3a8c8
Go version (server): go1.2

$ docker run -i -t ubuntu:12.04 bash
root@a3e2b4c7b9cd:/# ls /etc > /tmp/run.log
root@a3e2b4c7b9cd:/# exit
exit

[error] commands.go:2496 Couldn't send EOF: use of closed network connection

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
a3e2b4c7b9cd        ubuntu:12.04        bash                 54 seconds ago      Exit 0                                  high_ritchie

$ docker cp a3e2b4c7b9cd:/tmp/run.log /tmp/
2014/02/07 15:49:58 operation not permitted

$ echo $?
1

$ ls -las /tmp/run.log
8 -rw-r--r--  1 graham  wheel  1029  7 Feb 15:49 /tmp/run.log

The docker service is running with boot2docker 0.5.4 on MacOS X.

Source of error and reason for it is not known.

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Comments: 19 (13 by maintainers)

Most upvoted comments

This docker cp out from container fail behaviour is a little bit quirky. Simple explaination: If you docker cp out a directory as root then the directory is recursively copied out okay. If you docker cp out a directory as non-root user and write permission is not set on any directory in the hierarchy which contains something then the docker cp command will copy dirs and files until fail on copying next file into that not-writeable directory with “open <dir-which-is-not-writable>/<nextfile> permission denied”.

I see this with docker 17.03.1 centos cp from container July 2017.

At Dockerfile or docker build time when creating directories in docker image which will be copied out of container using docker cp (as not root user) then ensure that top level writeable permission is set on each directory. e.g. ‘find <dir> -type d -exec chmod +w {} +’.

+1
Gaoithe on Jul 21, 2017

This issue is still present in 0.10.

I’m running docker on OS X with boot2docker. When I sudo docker cp <containter>:<path> <hostpath> a directory inside the vm, it works. If I omit sudo, it simply creates an empty directory named <path> and fails with this error message.

The same failure happens when issuing the docker cp command on the OS X host: it creates an empty directory on the host and fails.

+1
alco on Apr 9, 2014

(or better yet, do like rsync and default those to false, and have --owner and --group for when you want them copied)

+1
tianon on Feb 19, 2014
Read more comments on GitHub
← moby: docker containers experience packet loss or slow network (EAI_AGAIN in application)
moby: Docker creates firewall rules in nat table that forward packets to wrong container IPs →