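Permission denied when starting the openHAB image with Podman

Question  Votes: 0  Answers: 1

I'm having a problem trying to run a container based on the image "openhab:4.3.0-debian" with Podman v5.3.1 on a Fedora v41 workstation.

I created a dedicated "openhab" user and group (UID=9001 and GID=9001) and set up three configuration directories to be mounted as volumes inside the container.

Here are the steps I followed: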

sudo useradd -r -s /sbin/nologin openhab
sudo usermod -a -G openhab openhab
sudo mkdir -p /opt/openhab/{conf,userdata,addons}
sudo chown -R openhab:openhab /opt/openhab

Then I run the container with the following command:

podman run \
        --name openhab \
        --net=host \
        -v /etc/localtime:/etc/localtime:ro \
        -v /usr/share/zoneinfo/Europe/Rome:/etc/timezone:ro \
        -v /opt/openhab/conf:/openhab/conf \
        -v /opt/openhab/userdata:/openhab/userdata \
        -v /opt/openhab/addons:/openhab/addons \
        -e USER_ID=9001 \
        -e GROUP_ID=9001 \
        -e CRYPTO_POLICY=unlimited \
        openhab/openhab:4.3.0-debian

However, I get a "Permission denied" error; see the log below:

user@fedora:/opt$ podman run         --name openhab         --net=host         -v /etc/localtime:/etc/localtime:ro         -v /usr/share/zoneinfo/Europe/Rome:/etc/timezone:ro         -v /opt/openhab/conf:/openhab/conf         -v /opt/openhab/userdata:/openhab/userdata         -v /opt/openhab/addons:/openhab/addons         -e USER_ID=9001         -e GROUP_ID=9001         -e CRYPTO_POLICY=unlimited         openhab/openhab:4.3.0-debian
+ IFS='
    '
++ find /usr/lib/jvm -maxdepth 1 -name '*jdk*' -type d
+ export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+ JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+ '[' unlimited = unlimited ']'
+ echo 'Configuring Java unlimited strength cryptography policy...'
Configuring Java unlimited strength cryptography policy...
+ sed -i 's/^crypto.policy=limited/crypto.policy=unlimited/' /usr/lib/jvm/java-17-openjdk-amd64/conf/security/java.security
+ capsh --print
+ grep -E Current:.+,cap_net_admin,cap_net_raw,.+
+ rm -f '/var/lock/LCK..*'
+ rm -f /openhab/userdata/tmp/instances/instance.properties
+ NEW_USER_ID=9001
+ NEW_GROUP_ID=9001
Starting with openhab user id: 9001 and group id: 9001
+ echo 'Starting with openhab user id: 9001 and group id: 9001'
+ id -u openhab
++ getent group 9001
Create group openhab with id 9001
+ '[' -z '' ']'
+ echo 'Create group openhab with id 9001'
+ groupadd -g 9001 openhab
Create user openhab with id 9001
+ echo 'Create user openhab with id 9001'
+ adduser -u 9001 --disabled-password --gecos '' --home /openhab --gid 9001 openhab
adduser: Warning: The home dir /openhab you specified already exists.
Adding user `openhab' ...
Adding new user `openhab' (9001) with group `openhab (9001)' ...
adduser: The home directory `/openhab' already exists.  Not touching this directory.
adduser: Warning: The home directory `/openhab' does not belong to the user you are currently creating.
Adding new user `openhab' to supplemental / extra groups `users' ...
Adding user `openhab' to group `users' ...
+ groupadd -g 11 audio2
+ groupadd -g 14 uucp2
+ groupadd -g 16 dialout2
+ groupadd -g 17 audio3
+ groupadd -g 18 dialout3
+ groupadd -g 32 uucp3
+ groupadd -g 63 audio4
+ groupadd -g 490 dialout4
+ groupadd -g 492 audio5
+ groupadd -g 997 gpio
+ adduser openhab audio
Adding user `openhab' to group `audio' ...
Done.
+ adduser openhab audio2
Adding user `openhab' to group `audio2' ...
Done.
+ adduser openhab audio3
Adding user `openhab' to group `audio3' ...
Done.
+ adduser openhab audio4
Adding user `openhab' to group `audio4' ...
Done.
+ adduser openhab audio5
Adding user `openhab' to group `audio5' ...
Done.
+ adduser openhab dialout
Adding user `openhab' to group `dialout' ...
Done.
+ adduser openhab dialout2
Adding user `openhab' to group `dialout2' ...
Done.
+ adduser openhab dialout3
Adding user `openhab' to group `dialout3' ...
Done.
+ adduser openhab dialout4
Adding user `openhab' to group `dialout4' ...
Done.
+ adduser openhab gpio
Adding user `openhab' to group `gpio' ...
Done.
+ adduser openhab uucp
Adding user `openhab' to group `uucp' ...
Done.
+ adduser openhab uucp2
Adding user `openhab' to group `uucp2' ...
Done.
+ adduser openhab uucp3
Adding user `openhab' to group `uucp3' ...
Done.
+ initialize_volume /openhab/conf /openhab/dist/conf
+ volume=/openhab/conf
+ source=/openhab/dist/conf
++ ls -A /openhab/conf
+ '[' -z '' ']'
Initializing empty volume /openhab/conf ...
+ echo 'Initializing empty volume /openhab/conf ...'
+ cp -av /openhab/dist/conf/. /openhab/conf/
cp: cannot create directory '/openhab/conf/./html': Permission denied
cp: cannot create directory '/openhab/conf/./icons': Permission denied
cp: cannot create directory '/openhab/conf/./items': Permission denied
cp: cannot create directory '/openhab/conf/./persistence': Permission denied
cp: cannot create directory '/openhab/conf/./rules': Permission denied
cp: cannot create directory '/openhab/conf/./scripts': Permission denied
cp: cannot create directory '/openhab/conf/./services': Permission denied
cp: cannot create directory '/openhab/conf/./sitemaps': Permission denied
cp: cannot create directory '/openhab/conf/./sounds': Permission denied
cp: cannot create directory '/openhab/conf/./tags': Permission denied
cp: cannot create directory '/openhab/conf/./things': Permission denied
cp: cannot create directory '/openhab/conf/./transform': Permission denied
cp: preserving times for '/openhab/conf/.': Permission denied

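When I run the command with Docker (using sudo docker run with the same arguments), the container starts correctly.

What am I missing in my Podman command to get the container up and running?

Thanks in advance for your support!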

fedora permission-denied podman openhab
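1 Answer
0
votes

When you run the podman command, did you make sure you were logged in as the openhab user? I ran into a different permission problem that happens a bit further along than yours.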
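
A check worth running for the failure in the question, as an added example that is not part of the original post or of openHAB's or Podman's code: rootless Podman runs the container in a user namespace, so UID 9001 inside the container and UID 9001 on the host are the same owner only if the UID map says so. The host UID 1000 and the subuid range 524288:65536 in the sample map are constructed values; the real map can be read with `podman unshare cat /proc/self/uid_map`.

```shell
#!/bin/sh
# Added example: translate UIDs through a user-namespace uid_map.
# Each map line is "<container-start> <host-start> <length>",
# the format of /proc/<pid>/uid_map.

# Constructed sample: invoking host user UID 1000, subuid range 524288:65536.
SAMPLE_MAP='0 1000 1
1 524288 65536'

# to_host CONTAINER_UID MAP -> host UID that owns files created by that container UID.
to_host() {
    local want=$1 c h n
    while read -r c h n; do
        [ -n "$n" ] || continue            # skip blank or short lines
        if [ "$want" -ge "$c" ] && [ "$want" -lt $((c + n)) ]; then
            echo $((h + want - c)); return 0
        fi
    done <<EOF
$2
EOF
    echo unmapped
}

# to_container HOST_UID MAP -> UID the container sees on a host-owned file.
to_container() {
    local want=$1 c h n
    while read -r c h n; do
        [ -n "$n" ] || continue
        if [ "$want" -ge "$h" ] && [ "$want" -lt $((h + n)) ]; then
            echo $((c + want - h)); return 0
        fi
    done <<EOF
$2
EOF
    echo unmapped
}

# owner_check HOST_OWNER_UID WANTED_CONTAINER_UID MAP
# Does a bind-mounted directory owned by HOST_OWNER_UID appear, inside the
# container, as owned by the UID the image is told to run as?
owner_check() {
    local seen; seen=$(to_container "$1" "$3")
    if [ "$seen" = "$2" ]; then echo "ok"
    elif [ "$seen" = unmapped ]; then echo "unmapped: container UID $2 is host UID $(to_host "$2" "$3")"
    else echo "mismatch: container sees UID $seen, container UID $2 is host UID $(to_host "$2" "$3")"
    fi
}

owner_check 9001 9001 "$SAMPLE_MAP"     # directory owned by host UID 9001
owner_check 533288 9001 "$SAMPLE_MAP"   # directory owned by the mapped subuid
```

A host owner that comes back `unmapped` lies outside the namespace, so even the container's root user, which performs the `cp` in the log, has no override rights on that directory.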
