I solved this issue by changing the act on host with “setfacl -m u:1000:-wx
/path/on/my/host/“, and 1000 is from “ USER 1000” in the Dockerfile for server.
On Nov 12, 2019, at 20:16, Yang Yang <yy8402(a)icloud.com>
Thank you very much for the information! The exception message is from container log,
generated by Keycloak.
From my understanding, you got the log on host machine most likely because your container
was running in privileged mode, which is what I would like not to use.
> On Nov 12, 2019, at 18:09, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> It seems to me that you have a permissions issue. I just did:
> docker run --name keycloak7 --privileged -v
> /home/abstractj/tmp/logs:/opt/jboss/keycloak/standalone/log -e
> KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8280:8280 -it
> quay.io/keycloak/keycloak:7.0.1 -b 0.0.0.0 -bmanagement=0.0.0.0
> cat ~/tmp/logs/server.log returns the log to me
> When I read "FileNotFoundException" it looks to me that you're trying
> to read this file from a Java program and maybe that's the culprit of
> your problem. Anyways, it's seems unrelated to our Docker image, but I
> hope it helps.
> On Tue, Nov 12, 2019 at 5:02 AM Yang Yang <yy8402(a)icloud.com> wrote:
>> I wanted to access Keycloak logs on host machine, so I started the docker
container with “-v /path/on/my/host:/opt/jboss/keycloak/standalone/log”, and then met the
permission issue, “java.io.FileNotFoundException:
/opt/jboss/keycloak/standalone/log/server.log (Permission denied)”.
>> Could you help to tell what I should do? Some posts on the internet suggests to
deactivate SELinux or run the container in privileged mode, which I believe is not good
for security reason.
>> keycloak-user mailing list
> - abstractj