docker - mounted file is empty in container


I have the following docker run command that I send via SSH from my CI (as the problem also happens when I try it on the server directly, I skip all SSH-related stuff here).

    docker run --name amc-node-be -d -p 10.0.0.3:3000:3000 --mount type=bind,source=/etc/amc-node-be/.env,target=/app/dist/amc-node-be/.env,readonly --restart unless-stopped .../amc-node-be:latest

I guess it has something to do with file permissions, but I don't understand well enough how the permissions of the host leak through to the container using a bind mount, or maybe I don't understand Linux file permissions well enough. On the host I gave read permissions to the docker group on the .env file.

    /etc/amc-node-be$ ls -la
    total 12
    drwxr-x---+  2 andymatic docker 4096 Oct  2 10:20 .
    drwxr-xr-x  85 root      root   4096 Oct  2 12:13 ..
    -rwxr-----+  1 andymatic docker  912 Oct  2 09:40 .env

The deploy user is in the docker group:

    $ sudo -u deploy groups
     docker 

With `sudo -u deploy cat /etc/amc-node-be/.env` on the host, I get the content of the file.

`docker inspect amc-node-be` returns:

    "Mounts": [
        {
            "Type": "bind",
            "Source": "/etc/amc-node-be/.env",
            "Destination": "/app/dist/amc-node-be/.env",
            "Mode": "",
            "RW": false,
            "Propagation": "rprivate"
        }
    ]

Any other idea what I am doing wrong?


Solution

  • I think you should use the --env-file option:

    docker run --env-file=.env --name amc-node-be -d -p 10.0.0.3:3000:3000  --restart unless-stopped .../amc-node-be:latest
    

    With env-file you can reference the filename, which is parsed to extract the environment variables to set.
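
On the permissions question itself: a bind-mounted file is checked against the numeric UID and GIDs of the process running inside the container, not against the groups of the host user who ran `docker run`. The following is an added example, not part of the original question or answer; it evaluates the `.env` mode string from the `ls -la` output for a few process identities. The numeric IDs and the container identities are constructed assumptions, and ACL entries (the `+` suffix) are not modelled.

```python
import stat

# Mode string of the .env line in the question's `ls -la` output.
LS_LINE_MODE = "-rwxr-----+"
# Constructed numeric IDs (assumptions; the page shows only the names).
ANDYMATIC_UID, DOCKER_GID = 1001, 998


def parse_ls_mode(ls_mode):
    """Return (permission bits, has_acl) for an `ls -l` mode string."""
    perms = ls_mode[1:10]
    if len(perms) != 9:
        raise ValueError(f"not an ls mode string: {ls_mode!r}")
    bits = 0
    for i, ch in enumerate(perms):
        if ch in "rwxst":  # upper-case S/T = special bit without execute
            bits |= 1 << (8 - i)
    return bits, ls_mode.endswith("+")


def can_read(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Classic owner/group/other read check; ACL entries are not modelled."""
    if proc_uid == 0:
        # Assumes container root keeps CAP_DAC_OVERRIDE and no userns remap.
        return True
    if proc_uid == file_uid:
        return bool(mode & stat.S_IRUSR)   # owner class wins, even if stricter
    if file_gid in proc_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def evaluate(ls_mode=LS_LINE_MODE):
    """Evaluate read access for hypothetical container process identities."""
    mode, _has_acl = parse_ls_mode(ls_mode)
    identities = {
        "root (0:0)": (0, {0}),
        "app user (1000:1000)": (1000, {1000}),
        "app user with supplementary gid 998": (1000, {1000, DOCKER_GID}),
    }
    return {name: can_read(mode, ANDYMATIC_UID, DOCKER_GID, uid, gids)
            for name, (uid, gids) in identities.items()}


if __name__ == "__main__":
    mode, has_acl = parse_ls_mode(LS_LINE_MODE)
    print(f"mode={oct(mode)} acl_present={has_acl}")
    for name, ok in evaluate().items():
        print(f"{name:38} readable={ok}")
```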