
'Permission denied' error for standalone-full.xml while creating custom image from official jboss/wildfly image

I am working to build a custom image derived from the official jboss/wildfly image.

It's working perfectly if I just add the .war file and run, but problems arise when I try to add a custom standalone-full.xml file

This is my Dockerfile:

FROM jboss/wildfly:10.1.0.Final

COPY standalone-full.xml /opt/jboss/wildfly/standalone/configuration/standalone-full.xml

COPY sample.war /opt/jboss/wildfly/standalone/deployments/

CMD ["/opt/jboss/wildfly/bin/", "-c", "standalone-full.xml", "-b", "", "-bmanagement", ""]

This is my source directory:

link to screenshot of ls -la command inside the source directory

As recommended, I have given 755 permission to the standalone-full.xml file.

However, after building the image with the following command:

docker build -t sample-app .

and running the image as follows:

docker run -it -p 8080:8080 -p 80:80 -p 443:443 sample-app

I receive the following error:

13:18:06,274 ERROR [] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.listener.default: org.jboss.msc.service.StartException in service jboss.undertow.listener.default: WFLYUT0082: Could not start 'default' listener.
    at org.wildfly.extension.undertow.ListenerService.start(
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(
    at org.jboss.msc.service.ServiceControllerImpl$
    at java.util.concurrent.ThreadPoolExecutor.runWorker(
    at java.util.concurrent.ThreadPoolExecutor$
Caused by: Permission denied
    at Method)
    at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(
    at org.xnio.XnioWorker.createStreamConnectionServer(
    at org.wildfly.extension.undertow.HttpListenerService.startListening(
    at org.wildfly.extension.undertow.ListenerService.start(

I exec'd into the running container to look at the file permissions of the standalone file:

link to screenshot of ls -la command inside the container's /opt/jboss/wildfly/standalone/configuration/ directory

I am able to get the app running if I change the user to root before running the CMD instruction, but that's not a good practice I think:

FROM jboss/wildfly:10.1.0.Final

COPY standalone-full.xml /opt/jboss/wildfly/standalone/configuration/standalone-full.xml

COPY sample.war /opt/jboss/wildfly/standalone/deployments/

USER root

CMD ["/opt/jboss/wildfly/bin/", "-c", "standalone-full.xml", "-b", "", "-bmanagement", ""]

How do I correctly set the permissions of the standalone file so that I can run the application with the 'jboss' user?

I also tried changing the permissions within the Dockerfile as follows to match the permissions of other files:

FROM jboss/wildfly:10.1.0.Final

USER root

COPY standalone-full.xml /opt/jboss/wildfly/standalone/configuration/standalone-full.xml

RUN chown jboss:root /opt/jboss/wildfly/standalone/configuration/standalone-full.xml

USER jboss

COPY sample.war /opt/jboss/wildfly/standalone/deployments/

CMD ["/opt/jboss/wildfly/bin/", "-c", "standalone-full.xml", "-b", "", "-bmanagement", ""]

But, the permissions don't get applied and I still get the same error. Can anyone please point to me to the right direction as to where I am making a mistake?

I am using Docker version 17.06.0-ce and overlay2 storage driver


  • You have configured your wildfly instance to listen on TCP/IP port numbers < 1024.

    Ports 80 and 443 in fact.

    Normally only the root user has permission to do this on any unix based operating system, including Linux.