podman MongoDB docker-entrypoint.sh 权限被拒绝

Question

我是 docker 和 podman 的新手。 我想在 podman 中运行 MongoDB。 所以尝试像这样运行它：-

❯ podman run -it --name mongo -p 27017:27017 --mount type=volume,src=mongodbdata,dst=/data/db mongo

但我得到错误

error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied

这是什么意思？ 我什至在主机上都没有文件“/usr/local/bin/docker-entrypoint.sh”。 我用高山 Linux 图像测试了上述相同的命令，它可以工作

我没有对这台机器的 root 访问权限，这就是我使用系统管理员已经安装的 podman 的原因

编辑：

我在我的笔记本电脑上对其进行了测试，在该笔记本电脑上我具有 docker 和 podman 的 root 访问权限。 在上述命令中用 docker 替换 podman 有效。 我以为 docker 图像与 podman 兼容

这里有更多信息：-

❯ podman run --log-level=debug -it -p 27017:27017 mongo      
INFO[0000] podman filtering at log level debug          
DEBU[0000] Called run.PersistentPreRunE(podman run --log-level=debug -it -p 27017:27017 mongo) 
DEBU[0000] Ignoring libpod.conf EventsLogger setting "/home/smit/.config/containers/containers.conf". Use "journald" if you want to change this setting and remove libpod.conf files. 
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available 
WARN[0000] For using systemd, you may need to login using an user session 
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 1000` (possibly as root) 
WARN[0000] Falling back to --cgroup-manager=cgroupfs    
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/smit/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/smit/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/smit/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/smit/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs 
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
INFO[0000] Setting parallel job count to 25             
DEBU[0000] Adding port mapping from 27017 to 27017 length 1 protocol "" 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/mongo:latest" 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/mongo:latest" 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] exporting opaque data as blob "sha256:6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/mongo:latest" 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] exporting opaque data as blob "sha256:6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] Image has volume at "/data/configdb"         
DEBU[0000] Adding anonymous image volume at "/data/configdb" 
DEBU[0000] Image has volume at "/data/db"               
DEBU[0000] Adding anonymous image volume at "/data/db"  
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading seccomp profile from "/etc/containers/seccomp.json" 
DEBU[0000] Allocated lock 47 for container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 
DEBU[0000] parsed reference into "[overlay@/home/smit/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] exporting opaque data as blob "sha256:6d11486a97a77beaad31f63463a744dc3070ed4070bd15a695898a171f349441" 
DEBU[0000] created container "00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" 
DEBU[0000] container "00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" has work directory "/home/smit/.local/share/containers/storage/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata" 
DEBU[0000] container "00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" has run directory "/run/user/1000/containers/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata" 
DEBU[0000] Creating new volume b3ca67f9abbe56e9c61a06691748946d4b5b88454fca058081eb4648c4b326b4 for container 
DEBU[0000] Validating options for local driver          
DEBU[0000] Creating new volume 6e7e1f8e348a6afb9c74572b4ea4cbaf60efee56e75267aa2e1e4058a4b09ef4 for container 
DEBU[0000] Validating options for local driver          
DEBU[0000] container "00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" has CgroupParent "/libpod_parent/libpod-00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" 
DEBU[0000] Handling terminal attach                     
DEBU[0000] overlay: mount_data=lowerdir=/home/smit/.local/share/containers/storage/overlay/l/6W3C3BRJTOUQZKWQ7RBRHSM32O:/home/smit/.local/share/containers/storage/overlay/l/TQAHZTPSF7467SRMJCLENCMBUG:/home/smit/.local/share/containers/storage/overlay/l/DDVRRCSLXT77EAVO7Y4YSF6L2Z:/home/smit/.local/share/containers/storage/overlay/l/YMJLBF5EKHWR7OUQKORAPRJG6Z:/home/smit/.local/share/containers/storage/overlay/l/6LOHLSKBDQB7ERTO4RMO5AXT7D:/home/smit/.local/share/containers/storage/overlay/l/XUOL3SXVQGBLFDHNFDCF47UAV2:/home/smit/.local/share/containers/storage/overlay/l/DUIZKNM2YD3PBU74UDG5UG66YX:/home/smit/.local/share/containers/storage/overlay/l/OWILGGQNAKZQJX6B75P2BZBRUH:/home/smit/.local/share/containers/storage/overlay/l/EJ5HQ7G656LO2QJBHAV4R62OYR:/home/smit/.local/share/containers/storage/overlay/l/QWI25EXSXNE56WUBHZWIBN4P6T:/home/smit/.local/share/containers/storage/overlay/l/HZX6LWHWMDSAXH5YOFYCG2JGJV:/home/smit/.local/share/containers/storage/overlay/l/QWOJ4RMIMZIZPEAXVIWRXZD3R3:/home/smit/.local/share/containers/storage/overlay/l/BRQ6IW53F6SFH7BU65J5LUPOUS,upperdir=/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/diff,workdir=/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/work 
DEBU[0000] Made network namespace at /run/user/1000/netns/cni-2670cd7d-fda0-861a-d0b6-fa25e6bd2746 for container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 
DEBU[0000] mounted container "00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6" at "/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged" 
DEBU[0000] Copying up contents from container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 to volume b3ca67f9abbe56e9c61a06691748946d4b5b88454fca058081eb4648c4b326b4 
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-2670cd7d-fda0-861a-d0b6-fa25e6bd2746 tap0 
DEBU[0000] Creating dest directory: /home/smit/.local/share/containers/storage/volumes/b3ca67f9abbe56e9c61a06691748946d4b5b88454fca058081eb4648c4b326b4/_data 
DEBU[0000] Calling TarUntar(/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged/data/configdb, /home/smit/.local/share/containers/storage/volumes/b3ca67f9abbe56e9c61a06691748946d4b5b88454fca058081eb4648c4b326b4/_data) 
DEBU[0000] TarUntar(/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged/data/configdb /home/smit/.local/share/containers/storage/volumes/b3ca67f9abbe56e9c61a06691748946d4b5b88454fca058081eb4648c4b326b4/_data) 
DEBU[0000] Copying up contents from container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 to volume 6e7e1f8e348a6afb9c74572b4ea4cbaf60efee56e75267aa2e1e4058a4b09ef4 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="starting parent driver" 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="opaque=map[builtin.readypipepath:/run/user/1000/libpod/tmp/rootlessport770954933/.bp-ready.pipe builtin.socketpath:/run/user/1000/libpod/tmp/rootlessport770954933/.bp.sock]" 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="starting child driver in child netns (\"/proc/self/exe\" [containers-rootlessport-child])" 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="waiting for initComplete" 
DEBU[0000] Creating dest directory: /home/smit/.local/share/containers/storage/volumes/6e7e1f8e348a6afb9c74572b4ea4cbaf60efee56e75267aa2e1e4058a4b09ef4/_data 
DEBU[0000] Calling TarUntar(/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged/data/db, /home/smit/.local/share/containers/storage/volumes/6e7e1f8e348a6afb9c74572b4ea4cbaf60efee56e75267aa2e1e4058a4b09ef4/_data) 
DEBU[0000] TarUntar(/home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged/data/db /home/smit/.local/share/containers/storage/volumes/6e7e1f8e348a6afb9c74572b4ea4cbaf60efee56e75267aa2e1e4058a4b09ef4/_data) 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="initComplete is closed; parent and child established the communication channel" 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="exposing ports [{27017 27017 tcp }]" 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg=ready 
DEBU[0000] rootlessport: time="2020-07-21T23:17:10+05:30" level=info msg="waiting for exitfd to be closed" 
DEBU[0000] rootlessport is ready                        
DEBU[0000] Created root filesystem for container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 at /home/smit/.local/share/containers/storage/overlay/14cdd8f10c1c69f50ce5960258a59b61784ec833ef685db5842c1b5ec3065538/merged 
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode secret 
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d 
DEBU[0000] Created OCI spec for container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 at /home/smit/.local/share/containers/storage/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -c 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 -u 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 -r /usr/bin/runc -b /home/smit/.local/share/containers/storage/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata -p /run/user/1000/containers/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata/pidfile -n sharp_wright --exit-dir /run/user/1000/libpod/tmp/exits --socket-dir-path /run/user/1000/libpod/tmp/socket -l k8s-file:/home/smit/.local/share/containers/storage/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata/ctr.log --log-level debug --syslog -t --conmon-pidfile /run/user/1000/containers/overlay-containers/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/smit/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg cgroupfs --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mount_program=/usr/bin/fuse-overlayfs --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg --syslog --exit-command-arg true --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6]"
WARN[0000] Failed to add conmon to cgroupfs sandbox cgroup: error creating cgroup for cpuset: mkdir /sys/fs/cgroup/cpuset/libpod_parent: permission denied 
DEBU[0001] Received: 50374                              
INFO[0001] Got Conmon PID as 50363                      
DEBU[0001] Created container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 in OCI runtime 
DEBU[0001] Attaching to container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 
DEBU[0001] connecting to socket /run/user/1000/libpod/tmp/socket/00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6/attach 
DEBU[0001] Starting container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 with command [docker-entrypoint.sh mongod] 
DEBU[0001] Received a resize event: {Width:237 Height:61} 
DEBU[0001] Started container 00bd55ff69f03e7b165e35540c6cb5af41e2f6a2eeafa508298fe141a68ca0a6 
error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied
DEBU[0001] Enabling signal proxying                     
DEBU[0001] Called run.PersistentPostRunE(podman run --log-level=debug -it -p 27017:27017 mongo) 

Answer 1

它也有 umask。 将 umask 设置为 022 有效

Answer 2

跑之前。 由 root 和 chmod -R 755 名称文件运行