"Operation not permitted" from docker container logged as root

hugoDuf · Oct 21, 2019

I need your help to understand my problem.

I updated my Macintosh to Catalina last week, then I updated Docker for Mac.

Since those updates, I have ownership issues on shared volumes.

I can reproduce with a small example. I just create a small docker-compose which builds an nginx container. I have a folder src with a PHP file like this "src/index.php".

I build the container and start it. Then I go to /app/www/mysrc (shared volume) and type "ls -la" to check if the index.php is OK, and I get:

ls: cannot open directory '.': Operation not permitted

Here is a simple docker-compose file, docker-compose.yml:

version: "3"

services:
  test-nginx:
    restart: always
    image: 'nginx:1.17.3'
    ports:
      - "8082:80"
    volumes:
      - ./src:/app/www/mysrc

When I build and start the container, I get:

$ docker-compose exec test-nginx sh
# cd /app/www
# ls -la
total 8
drwxr-xr-x 3 root root 4096 Oct 21 07:58 .
drwxr-xr-x 3 root root 4096 Oct 21 07:58 ..
drwxr-xr-x 3 root root   96 Oct 21 07:51 mysrc
# cd mysrc
# ls -la
ls: cannot open directory '.': Operation not permitted
# whoami
root

So, my nginx server is down because nginx can't access the source files.

Thanks for your help.

Answer

Ay0 · Oct 21, 2019

If it was working prior to the update to Catalina, the issue is due to the new permissions requested by Catalina.

Now, macOS requests permissions for everything, even for accessing a directory. So, probably you had a notification about granting Docker for Mac permission to access the shared folder, you didn't grant it, and now you are facing the outcome of such action.

To grant privileges now, go to System Preferences > Security & Privacy > Files and Folders, and add Docker for Mac and your shared directory.
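
A diagnostic to run inside the container, added here as an example and not part of the original question or answer: it separates the "Operation not permitted" (EPERM) failure shown above, which for root on a drwxr-xr-x directory points at the host refusing access, from an ordinary "Permission denied" (EACCES) mode-bit failure. The function names and result labels are hypothetical, and the mapping is a heuristic based on the error text that ls prints.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): explain why a bind mount cannot be
# listed. Run inside the container, e.g.:  sh probe.sh /app/www/mysrc

# classify_ls_error UID MESSAGE
# Maps the strerror() text in an ls failure to a likely cause (heuristic).
classify_ls_error() {
    case $2 in
        *"Operation not permitted"*)
            # EPERM: in the question the directory is drwxr-xr-x and root
            # still fails, so mode bits are not the cause. The refusal most
            # likely comes from the layer serving the mount, such as the
            # host's privacy controls.
            echo host-side-denial ;;
        *"Permission denied"*)
            # EACCES: ordinary ownership/mode problem for a normal user.
            # uid 0 normally bypasses mode bits (CAP_DAC_OVERRIDE), so for
            # root look at dropped capabilities or an LSM instead.
            if [ "$1" -eq 0 ]; then echo root-eacces; else echo mode-bits; fi ;;
        *"No such file or directory"*)
            echo missing ;;
        *)
            echo unknown ;;
    esac
}

# probe_dir DIR: try to list DIR; print "ok" or a classification label.
probe_dir() {
    # 2>&1 >/dev/null captures only stderr; LC_ALL=C keeps messages in English.
    if pd_err=$(LC_ALL=C ls -la "$1" 2>&1 >/dev/null); then
        echo ok
    else
        classify_ls_error "$(id -u)" "$pd_err"
        return 1
    fi
}

# Probe every directory given on the command line (none: define functions only).
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(probe_dir "$d")"
done
```

A result of host-side-denial for root matches the situation in the question, where the fix lies on the macOS side rather than in chmod or chown inside the container.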