Docker pull 报错 failed to register layer: open /etc/pam.d/password-auth: permission denied

安素 2019年09月09日 184次浏览

今天在云主机上操作docker pull 报错如下

[root@ansu ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d8d02d457314: Extracting [==================================================>] 75.41 MB/75.41 MB
latest: Pulling from docker.io/library/centos
d8d02d457314: Extracting [==================================================>] 75.41 MB/75.41 MB
failed to register layer: Error processing tar file(exit status 1): open /etc/pam.d/password-auth: permission denied

当前登陆用户就是root,怎么会没有权限访问呢?

查看文件权限都是正确的

[root@ansu ~]# ll /etc/pam.d/password-auth-ac
-rw-r--r--. 1 root root 974 Aug 18  2017 /etc/pam.d/password-auth-ac

[root@ansu ~]# lsattr  /etc/pam.d/password-auth-ac
-------------e-- /etc/pam.d/password-auth-ac

折腾了好久,突然想起来,服务器上了云锁,会不会是防篡改?查看了我的防篡改配置,没有问题,那就只能一个功能一个功能关闭尝试了 最后,发现是云锁开启了系统加固的选项,导致文件权限出错,只能暂时将云锁的系统加固关闭了(尝试将docker进程添加例外,但是没起作用)

image.png

关闭之后,可以顺利pull镜像

[root@ansu ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d8d02d457314: Pull complete
Digest: sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb
Status: Downloaded newer image for docker.io/centos:latest

以后如果遇到权限问题,要先排查下服务器环境,并检查是否为安全软件限制