• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Unable to run NGINX Docker due to “13: Permission denied”

by admin

The Problem

The NGINX docker container was started using the below command:

# docker run --detach --name nginx_server nginx
4ffbcd5ee796b8cce3f2c6ed4cce8927d2b13a040af07b36f7a866b2157290e8

But user failed to get connection to the NGINX server. Upon troubleshooting user found below error logs:

# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1565283160.116:316): avc: denied { write } for pid=2387 comm="nginx" name="nginx" dev="dm-0" ino=140648937 scontext=system_u:system_r:container_t:s0:c345,c550 tcontext=system_u:object_r:container_share_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1565283160.116:316): arch=c000003e syscall=83 success=no exit=-13 a0=56247859585f a1=1c0 a2=0 a3=8 items=0 ppid=2371 pid=2387 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:container_t:s0:c345,c550 key=(null)
# docker logs nginx_server
2019/08/08 16:52:40 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

The Solution

AVC denial messages indicates container_t is not a permissive domain, therefore is not possible to write (13: Permission denied). In order to resolve this issue, add container_t in the SELinux.

# semanage permissive -a container_t
# semodule -l | grep permissive
permissive_container_t (null)
permissivedomains (null)

Try again to run the nginx container using -p option. With -p, it is possible to redirect the port from the docker to the host(ensure firewall is properly configured in the host).

# docker run --detach --name nginx_server -p 8080:80 nginx
2ce7b13f17c8aeaaa0e6f434ce47a16f6ed7bf94affb7f75381636fe7fdf496c

Verify if the docker is running:

# docker ps -a
CONTAINER ID   IMAGE   COMMAND                   CREATED         STATUS         PORTS                  NAMES
2ce7b13f17c8   nginx   "nginx -g 'daemon of…"    3 seconds ago   Up 3 seconds   0.0.0.0:8080->80/tcp   nginx_server

Connect to NGINX container and verify the nginx version.

# docker exec nginx_server nginx -v
nginx version: nginx/1.17.2

Filed Under: DevOps, Docker

Some more articles you might also be interested in …

  1. How to Write Ansible Playbook and run it using the ansible-playbook command
  2. “while” Loop Examples in Shell Scripts
  3. How to Run Ad-Hoc Commands Using Ansible
  4. How to add new host entry in /etc/hosts when a docker container is run
  5. Shell/Bash Script to Find Prime Numbers in Linux
  6. “docker start” Command Examples
  7. dexter: Tool for authenticating the kubectl users with OpenId Connect
  8. How to Map Static IP to your Domain (with GoDaddy example)
  9. How to use until loop in Shell Scripts
  10. fly: Command-line tool for concourse-ci

You May Also Like

Primary Sidebar

Recent Posts

  • “glab pipeline” Command Examples
  • “glab mr” Command Examples
  • “glab mr merge” Command Examples
  • “glab mr” Command Examples

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright