content

While trying to follow the wikijs development instructions, I found myself unable to run the project. The development instructions involve running the development environment in a container, which means that it needs to bind mount the repository into the container:

$ sudo docker compose -f dev/containers/docker-compose.yml up -d
 ✔ Image postgres:17-alpine   Pulled                                               24.6s
 ✔ Image adminer:latest       Pulled                                               25.1s
 ✔ Image containers-wiki      Built                                                85.4s
 ✔ Network containers_default Created                                               0.1s
 ✔ Container wiki-adminer     Started                                               0.5s
 ✔ Container wiki-db          Started                                               0.5s
 ⠸ Container wiki-app         Starting                                              0.6s
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/var/lib/docker/231072.231072/volumes/2c5b94522b3c1bec7de4421e247b225664b5cdda47c4fe587c3c2b5d73dbb409/_data" to rootfs at "/wiki/node_modules": create mountpoint for /wiki/node_modules mount: make mountpoint "/wiki/node_modules": mkdirat /var/lib/docker/231072.231072/overlay2/238c36d31794b699ac6c41eb7d58b94a764c545ad4f949703821c8c6ed4afdf1/merged/wiki/node_modules: permission denied

Checking the permissions, I can see that the files are not mounted into the container properly.

$ sudo docker exec wiki-app ls -al /wiki
drwxr-xr-x 11 nobody nogroup   4096 Apr 27 04:42 .

I look up this issue online, and I get the general impression that this happens when the container specifies a user that doesn't exist on the host. So, I check the user:

$ sudo docker exec wiki-app id
uid=0(root) gid=0(root) groups=0(root)

The root user definitely does exist on the host, but I try to change it to my user anyway by adding user: "1000:1000" to the docker compose file. This does not fix the problem.

After trying a few more things and thinking about it, I realize that this might be happening because of user namespace isolation. So, I look up a way to selectively disable it for this particular project and add userns_mode: "host" to the container definition. This time, running the container works!
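The UID arithmetic behind these symptoms, as an added example that is not part of the original note. The base 231072 is read from the data-root path in the error message; the range length 65536, the repository owner being host UID 1000, and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration of userns-remap UID translation; sample values are
# constructed from the error message in this note.

# With userns-remap enabled, Docker's data root gets a "<uid>.<gid>" suffix,
# e.g. /var/lib/docker/231072.231072. Print that uid, or nothing if absent.
remap_base_from_path() {
    printf '%s\n' "$1" |
        sed -n 's#.*/docker/\([0-9][0-9]*\)\.[0-9][0-9]*.*#\1#p'
}

# Host UID -> UID seen inside a namespace whose uid_map is "0 <base> <len>".
# IDs outside the mapped range appear as the overflow UID 65534 ("nobody").
host_to_container_uid() {
    h=$1; b=$2; n=$3
    if [ "$h" -ge "$b" ] && [ "$h" -lt $((b + n)) ]; then
        echo $((h - b))
    else
        echo 65534
    fi
}

# Container UID -> host UID the process really runs as.
container_to_host_uid() {
    c=$1; b=$2; n=$3
    [ "$c" -lt "$n" ] || return 1
    echo $((b + c))
}

data_path="/var/lib/docker/231072.231072/volumes/example/_data"  # constructed
base=$(remap_base_from_path "$data_path")
len=65536   # assumed subordinate-ID range length

# Repository files owned by host UID 1000 (assumed) show up as nobody:
echo "host uid 1000 inside container: $(host_to_container_uid 1000 "$base" "$len")"
# Container root is an unprivileged host UID, so it cannot create
# /wiki/node_modules in a directory owned by someone else with mode 755:
echo "container uid 0 on host: $(container_to_host_uid 0 "$base" "$len")"
# user: "1000:1000" still lands on a host UID that does not own the files:
echo "container uid 1000 on host: $(container_to_host_uid 1000 "$base" "$len")"
```

On a live host, `docker info --format '{{.SecurityOptions}}'` lists `name=userns` when remapping is enabled. With userns_mode: "host" the container's root is the host's real UID 0, so that container no longer has the isolation the remap provided.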

meta

backlinks: Docker bind mounts files as owned by nobody

commit: 5bd93e42