Getting permission denied error with lighthouse image #55
Comments
|
CAPSYS and/or SECCOMP don't handle file system permissions between the container and the host. Without seeing the command you're running and your Docker setup it's hard to tell, but based on the permission denied, my hunch is that your bindmount perms are incorrect. See: #45 (comment) which explains a little more about running with a folder bind for output/artifact collection. |
|
Sorry, I should have mentioned that I was copy/pasting the example from the README verbatim, with the exception of the path to my folder.
The problem appears to be with the reports folder in the container. As noted, I can create a new folder in /home/chrome and that works as expected, apart from using Docker to copy it back to the host. Docker version 19.03.8, build afacb8b7f0 |
|
The container simply defines the volume and workdir that is owned by the unprivileged dockerfiles/lighthouse/Dockerfile Lines 56 to 61 in 8e60d23 Pulling latest, I can bind and run without any issue (same OS).
As per the other comment I pointed you to, I suspect that this is a case of mismatched permissions within the scope of the namespace, which happens from time to time when the group is auto-added. See https://docs.docker.com/engine/security/userns-remap/ |
|
The folder needs to have right access for others |
I have tried with both SYS_ADMIN and SECCOMP with several different URLs and the response is always the same error.
If I try
touch somefilewithin the reports directory I get an access denied error.My current workaround is to create a new directory,
/home/chrome/new-reportsand run lighthouse from there. Once the reports are generated I copy them to my host usingdocker container cp.The text was updated successfully, but these errors were encountered: