docker 使用最简单的vscode devcontainers设置,无法从容器内部写入文件

slmsl1lt  于 2023-04-29  发布在  Docker
关注(0)|答案(1)|浏览(348)

我用的是vscode devcontainers
我的环境、设置和执行如下:
devcontainer@0.35.0Docker version 23.0.4, build f480fb1Docker Compose version v2.17.2ubuntu 20

.devcontainer
  |-  .devcontainer.json
  |-  Dockerfile

. devcontainer.json:

{
    "name": "Node.js",
    "build": {
        "dockerfile": "Dockerfile",
    },
    "settings": {
        "terminal.integrated.defaultProfile.linux": "bash",
        "terminal.integrated.profiles.linux": {
            "bash": {
                "path": "/bin/bash",
                "icon": "terminal-bash",
            },
        },
    },
    "extensions": [
        "dbaeumer.vscode-eslint"
    ],
}

Dockerfile:

FROM mcr.microsoft.com/devcontainers/typescript-node:20
$ devcontainer build .
[12 ms] @devcontainers/cli 0.35.0. Node.js v16.14.2. linux 5.15.0-41-generic x64.
[519 ms] Start: Run: docker buildx build --load --build-arg BUILDKIT_INLINE_CACHE=1 -f /tmp/devcontainercli-craig/container-features/0.35.0-1682146167065/Dockerfile-with-features -t vsc-testdevc-badaeb5eab5ce3c45f2eb0d49d69644c94fb162ab4a701e8569eeb7219cdbf07 --target dev_containers_target_stage --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label /home/craig/testDevc/.devcontainer
[+] Building 0.1s (6/6) FINISHED                                                
 => [internal] load build definition from Dockerfile-with-features         0.0s
 => => transferring dockerfile: 1.38kB                                     0.0s
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for mcr.microsoft.com/devcontainers/typescri  0.1s
 => CACHED [dev_container_auto_added_stage_label 1/1] FROM mcr.microsoft.  0.0s
 => preparing layers for inline cache                                      0.0s
 => exporting to image                                                     0.0s
 => => exporting layers                                                    0.0s
 => => writing image sha256:0fa55cc0ebea427319bfb7cb68823433bc84e04ebb016  0.0s
 => => naming to docker.io/library/vsc-testdevc-badaeb5eab5ce3c45f2eb0d49  0.0s
{"outcome":"success","imageName":["vsc-testdevc-badaeb5eab5ce3c45f2eb0d49d69644c94fb162ab4a701e8569eeb7219cdbf07"]}
$ devcontainer open
[229 ms] @devcontainers/cli 0.35.0. Node.js v16.14.2. linux 5.15.0-41-generic x64.

从容器内的vscode终端

node ➜ /workspaces/testDevc $ ls -al
total 12
drwxrwxr-x 3 root root 4096 Apr 22 06:49 .
drwxr-xr-x 3 root root 4096 Apr 22 06:49 ..
drwxrwxr-x 2 root root 4096 Apr 22 06:49 .devcontainer
node ➜ /workspaces/testDevc $ ls -an
total 16
drwxrwxr-x 3 0 0 4096 Apr 22 07:11 .
drwxr-xr-x 3 0 0 4096 Apr 22 06:49 ..
drwxrwxr-x 2 0 0 4096 Apr 22 06:49 .devcontainer
node ➜ /workspaces/testDevc $ whoami
node
node ➜ /workspaces/testDevc $ id
uid=1000(node) gid=1000(node) groups=1000(node),998(nvm),999(npm)
node ➜ /workspaces/testDevc $ groups
node nvm npm
node ➜ /workspaces/testDevc $ cat > test.txt
bash: test.txt: Permission denied
node ➜ /workspaces/testDevc $

从集装箱外的终端:

craig@desk:0:~/testDevc$ ls -al
total 16
drwxrwxr-x  3 craig craig 4096 Apr 22 00:11 .
drwxr-xr-x 55 craig craig 4096 Apr 21 23:48 ..
drwxrwxr-x  2 craig craig 4096 Apr 21 23:49 .devcontainer
craig@desk:0:~/testDevc$ whoami
craig
craig@desk:0:~/testDevc$ id
uid=1000(craig) gid=1000(craig) groups=1000(craig),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare),255(common),998(docker),1001(craig1001)
craig@desk:0:~/testDevc$ cat > test2.txt
hello
craig@desk:0:~/testDevc$ cat test2.txt
hello

可以看到,主机上的用户craig和容器上的用户node共享相同的uid。我认为这足以确保node能够写文件。
我错过了什么?会不会是因为主机是ubuntu linux而不是WSL?

83qze16e

83qze16e1#

1.摘要
这解释了如何使devcontainer创建的容器和主机都能够在同一个挂载目录上写入文件。
1 -在容器配置中,Dockerfile被修改,以便在写入时设置组写入权限标志。
2 -在主机端,首先创建与容器组匹配的新组,并将主机用户添加到该组。
3 -然后,设置开发目录和文件权限标志。

  1. Dockerfile
    将这一行添加到。devcountainer/Dockerfile:
    RUN su node -c "echo 'umask 0002' >> /home/node/.bashrc"
    例如,这是一个工作。devcountainer/Dockerfile:
ARG VARIANT=20-bullseye
FROM mcr.microsoft.com/devcontainers/javascript-node:0-${VARIANT}
RUN su node -c "echo 'umask 0002' >> /home/node/.bashrc"

1.在主机上添加组
在ubuntu 20主机的情况下,容器上用户拥有的文件的uid被观察到为100999。这可能因系统而异。
在主机上创建一个gid为100999的组,并将主机用户添加到该组。必须注销并重新登录才能生效。

sudo addgroup --gid 100999 g100999
sudo usermod -a -G g100999 craig

1.设置主机开发目录权限

sudo find . -type d -exec chmod g+rwxs {} +
sudo find . -type f -exec chmod g+rw {} +

相关问题