# Error response from daemon: error while mounting volume '/host/path': permission denied

- **ID:** `docker/volume-bind-mount-permission-denied`
- **Domain:** docker
- **Category:** config_error
- **Verification level:** ai_generated
- **Fix rate:** 82%

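## Root cause

The bind-mounted host directory or file has restrictive permissions or an SELinux label that prevents the Docker container from accessing it.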

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| Docker 20.10.22 | active | — | — |
| Docker 24.0.6 | active | — | — |
| RHEL 8 | active | — | — |
| Ubuntu 22.04 | active | — | — |

## Solutions

1. Add the `:Z` or `:z` suffix to the bind mount to relabel the SELinux context: `docker run -v /host/path:/container/path:Z myimage`
2. Ensure the host directory has at least 755 permissions (`chmod 755 /host/path`) and the Docker daemon has read access. Then retry the mount.
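
The two conditions named above (mode below 755, SELinux label not usable by containers) can be checked on the host before retrying the mount. The script below is an added example, not part of the original entry; the function names are hypothetical, and it assumes GNU `stat` and that `container_file_t` is the SELinux type expected on mounted content.

```shell
#!/bin/sh
# Added example: pre-flight check for a bind-mount source directory.
# Function names are hypothetical; container_file_t is the type assumed
# to be what the container SELinux policy expects on mounted content.

# 0 if DIR grants at least 755, 1 if it grants less, 2 if not a directory.
mode_ok() {
    [ -d "$1" ] || return 2
    m=$(stat -c '%a' "$1") || return 2      # octal mode, e.g. 755 or 1777
    [ $(( 0$m & 0755 )) -eq $(( 0755 )) ]   # every bit of 755 must be set
}

# 0 if SELinux is absent or not enforcing, or DIR is labelled container_file_t.
selinux_ok() {
    command -v getenforce >/dev/null 2>&1 || return 0
    [ "$(getenforce)" = "Enforcing" ] || return 0
    ctx=$(stat -c '%C' "$1" 2>/dev/null) || return 1   # user:role:type:level
    case "$ctx" in
        *:container_file_t:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report both checks and point at the matching fix from the list above.
preflight() {
    status=0
    if mode_ok "$1"; then
        echo "mode: ok"
    else
        echo "mode: below 755 or not a directory -> chmod 755 $1"
        status=1
    fi
    if selinux_ok "$1"; then
        echo "selinux: ok"
    else
        echo "selinux: label is not container_file_t -> mount with :Z or :z"
        status=1
    fi
    return "$status"
}

# Run against a path given on the command line, e.g. ./preflight.sh /host/path
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```
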

## Failed attempts

- Even root inside the container may not bypass host SELinux or AppArmor policies; the mount itself is denied at the daemon level. (85% failure rate)
- The permission denied error occurs before the container process runs; it's a mount-time check, not a runtime access issue. (75% failure rate)
