Distribution: /dev/fuse with wrong permissions in OSX

Created on 13 Feb 2019 · 3Comments · Source: distribution/distribution

I'm trying to run a FUSE based program within my docker container. However, /dev/fuse has the wrong permissions in OSX. I'm using opensuse/leap:latest as my base image, but AFAIK this happens with all linux-based images.

I'm running the container in privileged mode. Under Ubuntu, it works fine. When I run the FUSE based program using Docker's CMD, the /dev/fuse has the following permissions:

crw-rw-rw- 1 root root 10, 229 Feb 13 14:08 /dev/fuse

Now, when I run the exact same Dockerimage under OSX, /dev/fuse has the following permissions:

crw-rw---- 1 root root 10, 229 Feb 13 15:34 /dev/fuse

This is annoying, because I'm only able to run the FUSE program as root, which is not desirable in my case. I'm pretty sure /dev/fuse always has only root permissions when the docker containers run using OSX as the host.

I have two workarounds:
-> Run my program as root - not desirable
-> Manually change /dev/fuse permissions. The problem here is that /dev/fuse does not exist while the Dockerimage is in building phase. So I'd have to change in my CMD, but at this point I'd already switched to the local user, which does not have permissions to change /dev/fuse permissions

Source

felipeek

👍3

Most helpful comment

I also have this issue - an update would be appreciated

hrpatel on 24 Jun 2019

👍2

All 3 comments

I also have this issue - an update would be appreciated

hrpatel on 24 Jun 2019

👍2

I also have this issue.
OsX version: 10.14.5
Docker version: Docker version 18.09.7, build 2d0083d

klalafaryan on 15 Jul 2019

👍1

My workaround for this is the following script which I prepend to the entrypoint for local development on Mac.

fix-docker-mac-fuse-then.sh:

#!/bin/bash
# Fix Docker mac fuse then execute command in arguments.
# https://github.com/docker/distribution/issues/2853
set -eu -o pipefail
if [[ "$(stat -c "%a" /dev/fuse)" != "666" ]]; then
    echo "Fixing permissions of /dev/fuse"
    chmod o+rw /dev/fuse
else
    echo "Permissions of /dev/fuse are correct. Maybe this workaround can be removed!"
fi

# Execute command specified by arguments (to support command chaining.)
[[ $# > 0 ]] && exec "$@"

Dockerfile:

# Mac specific workaround for https://github.com/docker/distribution/issues/2853
# Requires util-linux for runuser.
COPY fix-docker-mac-fuse-then.sh /usr/local/bin/fix-docker-mac-fuse-then
RUN chmod +x /usr/local/bin/fix-docker-mac-fuse-then && apt-get update && apt-get install --no-install-recommends -yq util-linux && rm -rf /var/lib/apt/lists/*

Then run it with:

docker run -it --privileged --user root --entrypoint fix-docker-mac-fuse-then  <container> runuser -u <user> -- <usual-entrypoint>

lrowe on 17 Nov 2020

🎉1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

"ipv6": true in /etc/docker/daemon.json leads to "Error starting daemon: Error initializing network controller: Error creating default "bridge" network: could not find an available, non-overlapping IPv6 address pool among the defaults to assign to the network"

jean-christophe-manciot · 4Comments

401 Unauthorized for correct password - and correct htpasswd.

luke-park · 5Comments

build-arg not set during build

Duoxilian · 3Comments

Support for tencent COS object storage driver for private docker registry

Pruthvi08 · 3Comments

Config for registry garbage collection should already be inside the registry container

danieltan · 3Comments