无法在 Google Container-Optimized OS 上运行可执行的 shell 脚本
[英]Cannot run executable shell script on Google Container-Optimized OS
问题描述
On any other linux distro, I can create a file with a shebang and run shell scripts like so:
在任何其他 linux 发行版上,我可以使用 shebang 创建一个文件并运行 shell 脚本,如下所示:
$ chmod +x test.sh
$ ./test.sh Johnny
hello Johnny
But on Google Cloud Platform Container-Optimized OS, I get -bash: ./test.sh: Permission denied但是在 Google Cloud Platform Container-Optimized OS 上,我得到-bash: ./test.sh: Permission denied
If I prefix with sh eg sh test.sh Johnny it will work.如果我以sh前缀,例如sh test.sh Johnny ,它将起作用。 How can I get this to work normally?我怎样才能让它正常工作?
$ cat test.sh
#!/usr/bin/env sh
echo "Hello $@"
matt@rancher-4mmm /tmp/matt $ chmod +x test.sh
matt@rancher-4mmm /tmp/matt $ sh ./test.sh matt
Hello matt
matt@rancher-4mmm /tmp/matt $ ./test.sh matt
-bash: ./test.sh: Permission denied
matt@rancher-4mmm /tmp/matt $ ls -la
total 4
drwxr-xr-x 2 matt matt 60 Feb 28 20:00 .
drwxrwxrwt 14 root root 280 Feb 28 19:59 ..
-rwxr-xr-x 1 matt matt 35 Feb 28 20:00 test.sh
4 个解决方案
解决方案1
15 已采纳 2018-05-10 18:33:24
Most filesystems on a COS node are mounted with "noexec" flag so you can't execute binaries from them. COS 节点上的大多数文件系统都挂载了“noexec”标志,因此您无法从它们执行二进制文件。
Some workarounds:一些解决方法:
- For scripts, invoke the interpreter with the script as the argument, "bash /path/script.sh", "python /path/app.py"对于脚本,使用脚本作为参数调用解释器,“bash /path/script.sh”,“python /path/app.py”
- Mount an extra data disk under /mnt/disks.在 /mnt/disks 下挂载一个额外的数据磁盘。 You can mount it without the "noexec" flag.您可以在没有“noexec”标志的情况下安装它。 Use startup-script to mount at boot.使用启动脚本在启动时挂载。
解决方案2
5 2018-03-01 01:20:12
Container-Optimized OS mounts the file-system with "noexec" flag except "Among the writable locations, only /var/lib/docker and /var/lib/cloud are mounted as "executable" (ie without the noexec mount flag)." Container-Optimized OS 使用“noexec”标志挂载文件系统,除了“在可写位置中,只有 /var/lib/docker 和 /var/lib/cloud 挂载为“可执行”(即没有 noexec 挂载标志)。 ” [1] . [1] . You can verify with the following command:您可以使用以下命令进行验证:
mount | grep noexec
For more information on the layout of Container-Optimized OS (COS) file system, refer to the documentation .有关 Container-Optimized OS (COS) 文件系统布局的更多信息,请参阅文档。 The 'noexec' option do not allow direct execution of any binaries on the mounted filesystem. 'noexec' 选项不允许在挂载的文件系统上直接执行任何二进制文件。 This is because of by default security lock-down implementation on COS.这是因为默认情况下 COS 上的安全锁定实现。
解决方案3
3 2019-06-16 06:22:46
If you want to run a binary one-off and don't want to deal with having another PD, you could also just mount a tmpfs device and run it from there.如果您想一次性运行二进制文件并且不想处理另一个 PD,您也可以只安装一个 tmpfs 设备并从那里运行它。
sudo mkdir /mnt/disks/scratch
sudo mount -t tmpfs tmpfs /mnt/disks/scratch/
解决方案4
1 2021-01-07 13:44:45
One solution is to use another image family, eg ubuntu .一种解决方案是使用另一个图像系列,例如ubuntu 。
There, /tmp/ is not mounted with noexec .在那里, /tmp/没有挂载noexec 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.