Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python script in image gets permission denied #69

Open
martinvelos opened this issue Aug 28, 2019 · 3 comments
Open

python script in image gets permission denied #69

martinvelos opened this issue Aug 28, 2019 · 3 comments

Comments

@martinvelos
Copy link

Seems the python script is not run as root and thus with the command from Readme we get

Traceback (most recent call last):
  File "/usr/local/bin/kubetop", line 11, in <module>
    load_entry_point('kubetop==17.4.17.1.dev0', 'console_scripts', 'kubetop')()
  File "/usr/local/lib/python2.7/site-packages/kubetop/_twistmain.py", line 89, in __call__
    ] + argv[1:])
  File "/usr/local/lib/python2.7/site-packages/twisted/application/twist/_twist.py", line 119, in main
    options = cls.options(argv)
  File "/usr/local/lib/python2.7/site-packages/twisted/application/twist/_twist.py", line 40, in options
    options.parseOptions(argv[1:])
  File "/usr/local/lib/python2.7/site-packages/twisted/application/twist/_options.py", line 168, in parseOptions
    Options.parseOptions(self, options=options)
  File "/usr/local/lib/python2.7/site-packages/twisted/python/usage.py", line 267, in parseOptions
    self.subOptions.parseOptions(rest)
  File "/usr/local/lib/python2.7/site-packages/twisted/python/usage.py", line 277, in parseOptions
    self.postOptions()
  File "/usr/local/lib/python2.7/site-packages/kubetop/_script.py", line 49, in postOptions
    self['context'] = current_context(FilePath(expanduser(self['config'])))
  File "/usr/local/lib/python2.7/site-packages/kubetop/_script.py", line 34, in current_context
    with config_path.open() as cfg:
  File "/usr/local/lib/python2.7/site-packages/twisted/python/filepath.py", line 1012, in open
    return open(self.path, mode + 'b')
IOError: [Errno 13] Permission denied: '/root/.kube/config'
@exarkun
Copy link
Contributor

exarkun commented Aug 28, 2019

I wonder why. The Dockerfile doesn't specify another user. Maybe Docker has changed since the Dockerfile was written. Is the default user in the container no longer root?

@martinvelos
Copy link
Author

martinvelos commented Sep 2, 2019
edited

It think that remained, see:

$ docker run -it --entrypoint sh   --volume ~/.kube/:/root/.kube/:ro exarkun/kubetop -c id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

Seems like something with the volume mapping:

$ docker run -it --entrypoint ls   --volume ~/.kube/:/root/.kube/:ro exarkun/kubetop /root/.kube
ls: can't open '/root/.kube': Permission denied

@martinvelos
Copy link
Author

Aah, I see, o Fedora, where Selinux rules, we need to use the :Z mapping, which I don't undrsand properly, but have similar troubles when running docker-compose.

docker run -it --rm --volume ~/.kube/:/root/.kube/:Z exarkun/kubetop
started fine, only it is not handling self-signed certs we have on our "lab"...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@exarkun @martinvelos