来自守护进程的错误响应:挂载卷 '/host_mnt/c/Users/user/data' 时出错:权限被拒绝
Error response from daemon: error while mounting volume '/host_mnt/c/Users/user/data': permission denied
ID: docker/volume-mount-permission-denied-windows
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Docker Desktop 4.19.0 | active | — | — | — |
| Docker Desktop 4.22.1 | active | — | — | — |
| Windows 10 21H2 | active | — | — | — |
| Windows 11 22H2 | active | — | — | — |
根因分析
在适用于 Windows 的 Docker Desktop 上,从 C 盘进行的绑定挂载需要共享驱动器权限;如果驱动器未共享或用户无访问权限,挂载将失败并返回权限被拒绝。
English
On Docker Desktop for Windows, bind mounts from the C drive require shared drive permissions; if the drive is not shared or the user lacks access, mounting fails with permission denied.
官方文档
https://docs.docker.com/desktop/settings/windows/#file-sharing解决方案
-
在 Docker Desktop 中共享 C 盘:设置 > 资源 > 文件共享 > 添加 'C:\' 并应用。然后重启 Docker Desktop 并重新尝试挂载。
-
将项目文件夹移动到已共享的驱动器(例如 D:\)或默认共享的用户配置文件目录 C:\Users\ 下。
-
使用命名卷代替绑定挂载:'docker volume create mydata' 然后 'docker run -v mydata:/app/data' 以避免主机文件系统权限问题。
无效尝试
常见但无效的做法:
-
Running Docker Desktop as Administrator
70% 失败
Even as Administrator, the C drive must be explicitly shared in Docker Desktop settings; admin privileges alone do not bypass the sharing requirement.
-
Changing file permissions on the host folder using icacls
80% 失败
Docker Desktop uses a virtual filesystem (gRPC FUSE) to mount Windows paths; host NTFS permissions are not the primary issue—the Docker service itself needs share access.
-
Using a relative path instead of absolute path in docker run -v
60% 失败
Relative paths are resolved relative to the current directory, but if the resolved absolute path is still on a non-shared drive, the same error occurs.