Use Setfacl within Docker

Nov 13, 2017

If you use setfacl inside a Docker container, you may hit this error:

$ setfacl -R -m u:guest:- /tmp/dir
setfacl: /tmp/dir: Operation not supported

By default, Docker uses AUFS to stack container and image layers, and AUFS does not support ACLs.

$ docker info 
...
Server Version: 17.09.0-ce
Storage Driver: aufs
...

So we need another storage driver that supports ACLs: OverlayFS.

Tell Docker to use OverlayFS for its storage in your daemon configuration file:

  • For Linux: /etc/docker/daemon.json
  • For macOS: Preferences -> Daemon

{
  "storage-driver": "overlay2"
}

Then restart your Docker daemon. setfacl now works fine.

$ docker info
...
Server Version: 17.09.0-ce
Storage Driver: overlay2
...
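
The two checks above (reading the storage driver from docker info, and seeing whether setfacl is accepted) can be scripted as a preflight check. This is an added example, not part of the original post; the function names and the host/container modes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Print the "Storage Driver:" value from `docker info` text on stdin.
# Leading whitespace is tolerated in case the line is indented.
storage_driver() {
    sed -n '/^[[:space:]]*Storage Driver:/{
        s/^[[:space:]]*Storage Driver:[[:space:]]*\([^[:space:]]*\).*/\1/p
        q
    }'
}

# Classify a driver using only what the post states:
# aufs has no ACL support, overlay2 does. Anything else needs a probe.
acl_verdict() {
    case "$1" in
        aufs)     echo unsupported ;;
        overlay2) echo supported ;;
        "")       echo no-driver-found ;;
        *)        echo unknown ;;
    esac
}

# Probe a directory directly: try to set an ACL entry on a scratch file.
# Prints supported, unsupported, or no-setfacl.
probe_acl() {
    dir=${1:-/tmp}
    command -v setfacl >/dev/null 2>&1 || { echo no-setfacl; return 0; }
    f=$(mktemp "$dir/aclprobe.XXXXXX") || return 1
    if setfacl -m "u:$(id -u):r" "$f" 2>/dev/null; then
        echo supported
    else
        echo unsupported   # e.g. "Operation not supported" on AUFS
    fi
    rm -f "$f"
}

# host: read the driver from the daemon. container: probe a path in place.
case "${1:-}" in
    host)
        d=$(docker info 2>/dev/null | storage_driver) || true
        echo "storage driver: ${d:-none} -> ACLs $(acl_verdict "$d")" ;;
    container)
        echo "ACL probe of ${2:-/tmp}: $(probe_acl "${2:-/tmp}")" ;;
esac
```

Run it with host where the Docker CLI is available, and with container (plus an optional path) inside the container whose filesystem you want to check.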