I’m running into a permission issue when trying to use Docker inside an Incus container (NixOS) with an idmapped directory. The host path /mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl is bind-mounted into the container at the same path.
NixOS uid/gid settings:
I’ve mapped UID/GID 5000 from the host to the container using the TrueNAS GUI, and the directory is owned by UID/GID 5000, which I’ve also set via the TrueNAS GUI.
Inside the NixOS container, I created matching user/group:
    users.users.rl-man = {
      isNormalUser = true;
      uid = 5000;
      group = "rl";
    };
    users.groups.rl = {
      gid = 5000;
      members = [ "root" ];
    };
Container config includes, for Docker:
    security.nesting: "true"
    security.syscalls.intercept.mknod: "true"
    security.syscalls.intercept.setxattr: "true"
Issue:
From the container’s root shell, the directory appears accessible:
    [root@nixos-rl:~]# ls /mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl -al
    total 37
    drwxrwx--- 5 rl-man rl 5 May 12 13:45 .
    drwxrwx--- 6 nobody rl 6 May 13 15:30 ..
    drwxrwx--- 22 rl-man rl 22 May 13 13:54 DOCKER_DATA
    drwxrwx--- 4 rl-man rl 6 May 13 14:06 komodo
    drwxrwx--- 2 rl-man rl 2 May 12 13:33 root-data
But Docker fails to mount or write into the directory:
    [root@nixos-rl:~]# docker run --rm -v /mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl/DOCKER_DATA:/data alpine touch /data/test
    docker: Error response from daemon: error while creating mount source path '/mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl/DOCKER_DATA': mkdir /mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl: operation not permitted.
Strangely, the directory does exist and is writable from the shell. Trying to mkdir also shows “File exists”:
    [root@nixos-rl:~]# mkdir /mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl
    mkdir: cannot create directory ‘/mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl’: File exists
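As an added diagnostic (not part of the original post), the script below walks a mount source path one component at a time and reports, for the process that runs it, the owner, group, mode and search access of every ancestor, which is the per-level stat/mkdir walk a daemon has to pass before it can use the final directory. It assumes Linux with GNU coreutils `stat`; the "owner not mapped" hint is a heuristic based on `nobody`/65534 ownership, not a confirmed diagnosis.

```shell
# walk_path_access PATH
# Print owner:group, mode and search access for each ancestor of PATH as seen
# by the calling process, then check that PATH is an existing writable dir.
# Returns 0 when every level passes, 1 at the first level that does not.
walk_path_access() {
    target=$1
    prefix=""
    rc=0
    # Split PATH on '/' with word splitting only (no globbing, no external tools).
    old_ifs=$IFS
    set -f
    IFS=/
    set -- $target
    IFS=$old_ifs
    set +f
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        prefix="$prefix/$comp"
        if [ ! -e "$prefix" ]; then
            printf '%-50s MISSING (stat fails here, so a mkdir would be attempted)\n' "$prefix"
            rc=1
            break
        fi
        ownership=$(stat -c '%U:%G %a' "$prefix" 2>/dev/null || echo '?:? ?')
        # Assumption: inside a container, an owner shown as nobody/UNKNOWN/65534
        # usually means a host id that is not mapped into this user namespace;
        # root's CAP_DAC_OVERRIDE does not help on such inodes. Confirm with
        # 'stat -c %u:%g' on the host before drawing conclusions.
        case "$ownership" in
            nobody:*|nogroup:*|UNKNOWN:*|65534:*) note=" (owner not mapped into this namespace?)" ;;
            *) note="" ;;
        esac
        # For a directory, -x means search permission for the effective identity.
        if [ -x "$prefix" ]; then access=search-ok; else access=NO-SEARCH; rc=1; fi
        printf '%-50s %-20s %s%s\n' "$prefix" "$ownership" "$access" "$note"
        [ "$rc" -eq 0 ] || break
    done
    if [ "$rc" -eq 0 ]; then
        if [ -d "$target" ] && [ -w "$target" ]; then
            printf '%s: exists and is writable for uid=%s gid=%s\n' "$target" "$(id -u)" "$(id -g)"
        else
            printf '%s: not a writable directory for uid=%s gid=%s\n' "$target" "$(id -u)" "$(id -g)"
            rc=1
        fi
    fi
    return "$rc"
}

walk_path_access "${1:-/mnt/Kiwi/VM/SCALE4stor/DockerConfig/nixos-rl/DOCKER_DATA}"
```

Because the checks use the caller's effective uid, gid and supplementary groups, running it from an interactive root shell and from the daemon's own execution context (for example via the same systemd unit) can give different results for the same path; that difference is the thing worth comparing.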