Denis Solovev

Reputation: 99

Can't run python script with interpreter inside docker [Errno 13] Permission denied

I'm pretty new to Docker and I'm trying to isolate my Python interpreter with some modules, but I got stuck at the beginning.

I created a simple script like:

print "Hello world"

saved it in /home/my_user/script.py

then ran

docker run -it --rm --name my-first-python-script -v /home/my_user:/home/my_user python:2 python /home/my_user/script.py

and then got

python: can't open file '/home/my_user/script.py': [Errno 13] Permission denied

How can I run it with correct permissions?

Docker version 1.10.3, build e03ddb8/1.10.3

OS is Fedora 23 (Workstation Edition)

Looks like it's SELinux's fault. For now, I still have no idea how to fix this.

SELinux is preventing python from read access on the file h.py.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that python should be allowed read access on the h.py file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'python' --raw | audit2allow -M my-python
# semodule -X 300 -i my-python.pp

Additional Information:
Source Context                system_u:system_r:container_t:s0:c364,c980
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                h.py [ file ]
Source                        python
Source Path                   python
Port                          <Unknown>
Host                          densolovev
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-224.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     densolovev
Platform                      Linux densolovev 4.8.6-300.fc25.x86_64 #1 SMP Tue
                              Nov 1 12:36:38 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2017-03-11 20:59:09 +07
Last Seen                     2017-03-11 20:59:09 +07
Local ID                      4cfe1e00-555b-4294-aa88-e057cf831959

Raw Audit Messages
type=AVC msg=audit(1489240749.667:329): avc:  denied  { read } for  pid=4951 comm="python" name="h.py" dev="dm-2" ino=2102911 scontext=system_u:system_r:container_t:s0:c364,c980 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


Hash: python,container_t,user_home_t,file,read

Upvotes: 2

Views: 9825

Answers (2)

Angelo Mendes

Reputation: 978

Change the folder's owner to your user and group.

chown user:user folder

Upvotes: 0

Denis Solovev

Reputation: 99

Here's the answer. Mount with :Z param.

-v /home/my_user:/home/my_user:Z

Found here: https://stackoverflow.com/a/31334443/7682723

Upvotes: 2
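
Added example (not part of the original question or answers): a small Python triage of the raw AVC record quoted in the question, showing that the denial comes from the bind mount's SELinux label (a container_t process reading a user_home_t file), which is what the :Z mount option changes by relabelling the host path for the container. The type-name sets and the second, constructed record are assumptions made for illustration.

```python
import re

# AVC record copied from the question's "Raw Audit Messages" section.
QUESTION_AVC = (
    'type=AVC msg=audit(1489240749.667:329): avc:  denied  { read } for  pid=4951 '
    'comm="python" name="h.py" dev="dm-2" ino=2102911 '
    'scontext=system_u:system_r:container_t:s0:c364,c980 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'
)
# Constructed record: file already labelled for containers, but for another MCS pair.
CONSTRUCTED_AVC = QUESTION_AVC.replace(
    'unconfined_u:object_r:user_home_t:s0', 'system_u:object_r:container_file_t:s0:c1,c2')

# Assumption: type names from the Fedora/RHEL targeted policy (current and older names).
CONTAINER_DOMAINS = {"container_t", "svirt_lxc_net_t"}
CONTAINER_FILE_TYPES = {"container_file_t", "svirt_sandbox_file_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')

def parse_context(ctx):
    """Split user:role:type[:level]; category ranges (c0.c1023) are not expanded."""
    parts = ctx.split(":", 3)
    level = parts[3] if len(parts) > 3 else ""
    _, _, cats = level.partition(":")
    return {"type": parts[2], "categories": set(cats.split(",")) if cats else set()}

def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))}
    return {"perms": m.group(1).split(), "comm": kv.get("comm"), "name": kv.get("name"),
            "tclass": kv.get("tclass"), "source": parse_context(kv["scontext"]),
            "target": parse_context(kv["tcontext"])}

def triage(line):
    """Classify a denial hit by a container process on a bind-mounted path."""
    avc = parse_avc(line)
    if avc is None or avc["source"]["type"] not in CONTAINER_DOMAINS:
        return "not-a-container-denial"
    if avc["target"]["type"] not in CONTAINER_FILE_TYPES:
        return "relabel-mount"   # host label such as user_home_t: mount needs :z or :Z
    if not avc["target"]["categories"] <= avc["source"]["categories"]:
        return "mcs-mismatch"    # labelled :Z for a different container's category pair
    return "other"

if __name__ == "__main__":
    print(triage(QUESTION_AVC), triage(CONSTRUCTED_AVC))
```

Note that :Z relabels the whole host path given to -v, here all of /home/my_user, so mounting a dedicated subdirectory that holds only the script keeps the relabel narrow.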
