I’m running Traefik inside a container using the docker engine.
I configured the container to load a configuration file using a template, but sometimes it seems like the docker driver refuses to start it due to an allegedly “possible malicious path detected”.
```hcl
config {
  image        = "traefik:latest"
  network_mode = "macvlan"
  hostname     = "traefik"
  ipv4_address = "192.168.50.27"
  dns_servers  = ["192.168.50.2", "192.168.50.54"]

  volumes = [
    "local/traefik.toml:/etc/traefik/traefik.toml",
  ]

  mount {
    type     = "bind"
    target   = "/etc/traefik/"
    source   = "/mnt/traefik"
    readonly = false

    bind_options {
      propagation = "rshared"
    }
  }
}

template {
  change_mode = "noop"
  destination = "local/traefik.toml"
  data        = <<EOH
## Static configuration
[entryPoints]
  [entryPoints.web]
  address = ":80"
  [entryPoints.web-secure]
...
```
The error message I’m getting is:
Failed to start container 2edcb6a1b98b2274cd5640626e8c13db970a515ec36cd5c1bae0e06267df32a0: API error (500): failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/opt/nomad/data/alloc/083280c1-9eb9-b508-5af8-cd90a2346fa6/traefik/local/traefik.toml" to rootfs at "/etc/traefik/traefik.toml": possibly malicious path detected -- refusing to operate on /var/lib/docker/overlay2/b95817fc4b1317c8ff5813ad1ad67865c85433bce1aa4eb0794ef007983d4f80/merged/etc/traefik/traefik.toml (deleted): unknown