It seems like there is an error in the permission distribution in my Dockerfile and I can't seem to resolve it.
Here is the error:
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/my-app": permission denied: unknown
Here is my Dockerfile
# syntax=docker/dockerfile:1
##
## Build
##
FROM golang:1.19rc2-buster AS build
WORKDIR /app
COPY src/go.mod ./
COPY src/go.sum ./
RUN go mod download
COPY src/*.go ./
RUN go build -o /my-app
##
## Deploy
##
FROM gcr.io/distroless/base-debian10
WORKDIR /
COPY --from=build /my-app /my-app
USER nonroot:nonroot
ENTRYPOINT ["/my-app"]
And here is my docker-compose:
version: "3.7"
services:
  golang:
    container_name: golang
    build:
      dockerfile: go.Dockerfile
    ports:
      - 8080:80
    depends_on:
      - cassandra
    restart: always
  cassandra:
    container_name: cassandra
    image: cassandra:latest
    restart: always
    ports:
      - 9042:9042
CodePudding user response:
The issue seems to be that you define the nonroot user in your Dockerfile, who doesn't have the necessary privileges to execute my-app, which needs root permissions.
You should use the optional flag --chown=<user>:<group> with either the ADD or COPY commands, in order to specify the needed rights.
For example:
COPY --chown=<user>:<group> <hostPath> <containerPath>
In your case change your COPY command to
COPY --from=build --chown=nonroot:nonroot /my-app /my-app
CodePudding user response:
Just make sure that your Go code contains a package main
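
An added example, not part of the original question or answers: a small Go checker for the two conditions the responses above point at, namely whether a given uid/gid gets an execute bit on the file (ownership and mode) and whether the file is an ELF executable at all rather than the ar archive that go build -o writes for a non-main package. The names canExec, diagnose and nonrootID are hypothetical, and 65532 is assumed to be the uid/gid of the distroless nonroot user.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"syscall"
)

const nonrootID = 65532 // assumption: uid and gid of the distroless "nonroot" user

// canExec applies the Unix rule that only the first matching class (owner,
// group, other) is consulted. Supplementary groups are not modelled.
func canExec(mode os.FileMode, fileUID, fileGID, uid, gid uint32) bool {
	switch {
	case uid == 0:
		return mode&0111 != 0 // root still needs one x bit somewhere
	case uid == fileUID:
		return mode&0100 != 0
	case gid == fileGID:
		return mode&0010 != 0
	}
	return mode&0001 != 0
}

// diagnose reports why exec would fail for uid/gid, or "ok"; head is the file's first bytes.
func diagnose(head []byte, mode os.FileMode, fileUID, fileGID, uid, gid uint32) string {
	switch {
	case bytes.HasPrefix(head, []byte("!<arch>\n")):
		return "not executable: ar archive (go build -o on a non-main package)"
	case !bytes.HasPrefix(head, []byte("\x7fELF")):
		return "not executable: no ELF header"
	case !canExec(mode, fileUID, fileGID, uid, gid):
		return fmt.Sprintf("permission denied: mode %04o gives uid %d no x bit", mode.Perm(), uid)
	}
	return "ok"
}

func main() {
	for _, p := range os.Args[1:] { // paths of binaries to check
		info, err := os.Stat(p)
		head, err2 := os.ReadFile(p)
		if err != nil || err2 != nil {
			fmt.Println(p, "cannot inspect:", err, err2)
			continue
		}
		st := info.Sys().(*syscall.Stat_t) // Unix only
		fmt.Println(p, diagnose(head, info.Mode(), st.Uid, st.Gid, nonrootID, nonrootID))
	}
}
```

Because the distroless image has no shell, run it against /my-app in the build stage, where the file has the same mode and contents that COPY --from=build carries over.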