将 Go 服务器作为 Docker 容器运行时出现权限被拒绝错误

Question

I would like to deploy my Go server to Google Cloud Run. I copied the Dockerfile from this guide.

FROM golang:1.13 as builder

WORKDIR /app

COPY go.* ./
RUN go mod download

COPY . ./

RUN CGO_ENABLED=0 GOOS=linux go build -v -o server
RUN chmod a+x server

FROM alpine:3
RUN apk add --no-cache ca-certificates

COPY --from=builder /app/server /server

CMD ["/server"]

Before deploying it to Cloud Run, I wanted to test it locally by building the image with docker build -t server. and running the container with docker run server .

It fails with the following error:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"/server\": permission denied": unknown.

Thanks for your help.

Answer 1

Potential Problem 1

If changing alpine to debian work for you, it means this is an issue with cross-compilation.

The golang image is debian based, and uses glibc, alpine image uses musl libc. Sometimes these have incompatibilities and expose themselves in worst possible error messages.

So I suspect this is not a Cloud Run issue but something before that. To verify, you can also run your container locally as if it's running on Cloud Run https://cloud.google.com/run/docs/testing/local

---

Potential Problem 2

Something similar happened to me once and it turns out the package I was building was not package main . So instead of producing an executable binary, I was producing an object file (.o), and of course no matter how hard I "chmod +x", that was not launching.

Verify the go package path you are building actually is a package main .

Answer 2

try adding RUN chmod a+x to final build.

COPY --from=builder /app/server /server
RUN chmod a+x /server
CMD ["/server"]

Answer 3

I was getting the permission denied error as well after using the Dockerfile provided by this Firebase Tutorial for GoLang on Cloud Run.

Apparently it can be because alpine linux is so stripped down that it is missing critical packages needed for your container to build or run properly.

For my situation, it was missing git . I added git to the RUN line, just after ca-certificates to ensure it was installed. My Cloud Run instance works properly after this change.

See this comment on the Docker Library GoLang Github for more details.

# Use the official Golang image to create a build artifact.
# This is based on Debian and sets the GOPATH to /go.
FROM golang:1.19 as builder

# Create and change to the app directory.
WORKDIR /app

# Retrieve application dependencies using go modules.
# Allows container builds to reuse downloaded dependencies.
COPY go.* ./
RUN go mod download

# Copy local code to the container image.
COPY . ./

# Build the binary.
# -mod=readonly ensures immutable go.mod and go.sum in container builds.
RUN CGO_ENABLED=0 GOOS=linux go build -mod=readonly -v -o server

# Use the official Alpine image for a lean production container.
# https://hub.docker.com/_/alpine
# https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
FROM alpine:3
RUN apk add --no-cache ca-certificates git

# Copy the binary to the production image from the builder stage.
COPY --from=builder /app/server /server

# Run the web service on container startup.
CMD ["/server"]