Error: EACCES: permission denied, scandir to /home/user/.local/share/docker/overlay2/xxxxx

1. Browser & Version

  • [PWA] / crhome 128.0.6613.120 (Official Build) (x86_64)
  • macOS Big Sur (11.7.10)

2. Workspace ID

  • docker-template-app-9126589

3. Template Used

  • Misc / Blank Workspace
  • enabling docker
  • package docker-compose added

4. Steps to Reproduce

4.1. Enabling docker and docker-compose from Blank template

{ pkgs, ... }: {
  channel = "stable-23.11";
  packages = [
    pkgs.docker-compose
  ];
  env = {};
  services.docker.enable = true;
  idx = {
    extensions = [
      # "vscodevim.vim"
    ];
    previews = {
      enable = true;
      previews = {};
    };
    workspace = {
      onCreate = {
        default.openFiles = [ ".idx/dev.nix" "README.md" ];
      };
      onStart = {
      };
    };
  };
}

4.2. Executing docker-compose up -d

directory structure

.
├── docker-compose.yml
└── rproxy
    └── Dockerfile

creating network iptime

$ docker network create iptime

docker-compose.yml

name: app

volumes:
  rproxy-config: {}
networks:
  iptime:
    external: true
services:
  rproxy:
    container_name: rproxy
    build: 
      context: ./rproxy
    ports:
      - "3000:80"
    volumes:
      - rproxy-config:/etc/nginx
    networks:
      - iptime

Dockerfile

FROM nginx:latest
EXPOSE 80
# Start nginx
CMD ["nginx", "-g", "daemon off;"]

creating containers

docker-template-app-9126589:~/docker-template-app$ docker-compose up -d
[+] Building 0.0s (0/0)                                                                                                                                                                              docker:default
[+] Running 1/1
 ✔ Container rproxy  Started                                                                                                                                                                                   0.0s 
docker-template-app-9126589:~/docker-template-app$ docker ps
CONTAINER ID   IMAGE           COMMAND                  CREATED          STATUS          PORTS                                   NAMES
7a1ddade75ff   app-rproxy   "/docker-entrypoint.…"   38 seconds ago   Up 37 seconds   0.0.0.0:3000->80/tcp, :::3000->80/tcp   rproxy

4.3. close workspace

  • On menu, File > Close Window

4.4. Reopen the workspace from Home

  • open the workspace on tab Your workspace

4.5. Turning on Gemini

Error: EACCES: permission denied, scandir '/home/user/.local/share/docker/overlay2/24acf9d1e58b82d9d5608313acaa8cb2ec1b379d3d961b7c3701cdecbf75347b/work/work'

Gemini might see overlay storage(I guess…)

Here are list of overlay2(which are related to nginx)

docker-template-app-9126589:~/.local/share/docker/overlay2$ ls -al
total 56
4096 Sep  8 20:01 .
4096 Sep  8 19:41 ..
4096 Sep  8 20:01 24acf9d1e58b82d9d5608313acaa8cb2ec1b379d3d961b7c3701cdecbf75347b( (+)
4096 Sep  8 20:01 2bebd0ab256b7f415a87452ecb363130893c807fbfcfd8c84021a0f691bc62d8
4096 Sep  8 20:01 3d20a58d2bc1bb0fadff1ed0349a6d25c5abc87fea57c59d822d04a6128938f4
4096 Sep  8 20:01 3ff451b70ff85b5df3685c0f900426fd8620f626a39b0e6cabf8290375585f47
4096 Sep  8 20:01 4223c0f67ca47babb120a6626b78e41368ec370dd281fec56af13be2b8419cd0
4096 Sep  8 20:01 abf54d9780f81bb406ece584702bd82d257c860073b027afc6b6c76e755c32a0
4096 Sep  8 20:01 bd15559d8dcf0299c1f03f8f656a13a657a089cd4a5020e1d178fe9c938cbe37
4096 Sep  8 20:01 bd15559d8dcf0299c1f03f8f656a13a657a089cd4a5020e1d178fe9c938cbe37-init
4096 Sep  8 20:01 d933bc3cb6ff9f42c0b14973d7c414702673228d73bc1149e4f9c3151dab7bb6
4096 Sep  8 20:01 l
4096 Sep  8 20:01 li8gho08ko8iyiumgb5mtwz0b
4096 Sep  8 20:01 pllmbfy61fipp0nooophiug1d

To fix the problem,

  • the containers should be closed, removed (docker-compose down)
  • The generated images should be deleted(docker image remove app-rproxy), which emptifies ~/.local/share/docker/overlay2 direcotry.

Expected Behavior

Observed Behavior

Can you please file this as a bug? https://issuetracker.google.com/issues/new?component=1379083&template=1836320

Once you have filed it, please let me know the URL so that I can track it internally as well.