Cannot run executable shell script on Google Container-Optimized OS
Container-Optimized OS mounts the file-system with "noexec" flag except "Among the writable locations, only /var/lib/docker and /var/lib/cloud are mounted as "executable" (i.e. without the noexec mount flag)." [1]. You can verify with the following command:
mount | grep noexec
For more information on the layout of Container-Optimized OS (COS) file system, refer to the documentation. The 'noexec' option do not allow direct execution of any binaries on the mounted filesystem. This is because of by default security lock-down implementation on COS.
Most filesystems on a COS node are mounted with "noexec" flag so you can't execute binaries from them.
Some workarounds:
- For scripts, invoke the interpreter with the script as the argument, "bash /path/script.sh", "python /path/app.py"
- Mount an extra data disk under /mnt/disks. You can mount it without the "noexec" flag. Use startup-script to mount at boot.