docker 容器启动失败,无权限 Permission denied

CentOS 中的 SELinux 会报没有权限的问题,可以给 docker 容器加上特殊权限 privileged: true

大约在0.6版,privileged被引入docker。 使用该参数,container内的root拥有真正的root权限。 否则,container内的root只是外部的一个普通用户权限。 privileged启动的容器,可以看到很多host上的设备,并且可以执行mount。 甚至允许你在docker容器中启动docker容器。

总结:在docker-compose.yml文件中添加privileged: true 解决了问题

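# Compose file (format 2.0) for the Elasticsearch + PHP-FPM + Nginx + MySQL +
# Redis + MongoDB stack. All services share the user-defined bridge network
# my-net; the bind mounts live next to this file (./...) and one level up (../app,
# ../logs).
#
# NOTE(review): every service runs with `privileged: true`. That gives the
# container every capability, access to host devices and removes the seccomp /
# AppArmor / SELinux confinement, so a compromise of any one service (most
# exposed: nginx and php-fpm) is close to a host compromise. When the only
# symptom is an SELinux "Permission denied" on a bind mount, the least-privilege
# fix is the `:z` (shared) or `:Z` (private) volume option, which relabels the
# host path instead of dropping confinement, e.g.
# `./es/esdata1:/usr/share/elasticsearch/data:z`.
#
# NOTE(review): the MySQL / MongoDB / Redis passwords (`xxx`, `xxxx`) are
# placeholders. Keep real values out of a committed compose file (env_file or a
# secret store) and keep them quoted so tooling does not retype them.
version: '2.0'

services:
  elasticsearch:
    image: elasticsearch-readonlyrest:6.3.2
    container_name: elasticsearch
    privileged: true
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      # unlimited memlock so bootstrap.memory_lock=true can pin the JVM heap
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 15g
    cap_add:
      # implied by privileged today; kept so it still holds if privileged is dropped
      - IPC_LOCK
    volumes:
      - ./es/esdata1:/usr/share/elasticsearch/data
    ports:
      # quoted: "host:container" mappings are strings, not YAML 1.1 sexagesimal ints.
      # Published on every host interface; the image name suggests ReadonlyREST
      # handles authentication — confirm, or bind as "127.0.0.1:9200:9200" if only
      # php-fpm (already on my-net) needs it.
      - "9200:9200"
    networks:
      - my-net

  php-fpm:
    image: harbor.cn/ytc_cloud_scan/box/php
    container_name: php-fpm
    privileged: true
    depends_on:
      - elasticsearch
    ports:
      # FastCGI published on every host interface; nginx reaches php-fpm over
      # my-net, so this mapping is presumably only needed for external access —
      # verify before keeping it.
      - "9000:9000"
    # links is a legacy (format v1) feature; on the shared network my-net the
    # service names already resolve via DNS, so these mainly add start ordering.
    links:
      - mongodb
      - mysql-db:mysql-db
      - redis-db:redis-db
      - elasticsearch:elasticsearch
    volumes:
      - ../app:/wwwroot:rw
      - ./php/php.ini:/usr/local/etc/php/php.ini:ro
      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.conf:ro
      - ./php/supervisor/supervisord.conf:/etc/supervisor/supervisord.conf
      - ./php/supervisor/supervisord.d/:/etc/supervisor/supervisord.d
      - ../logs/php-fpm:/var/log/php-fpm:rw
      - ../logs/supervisor:/var/log/supervisor
    restart: always
    # Kept verbatim as a plain scalar (it starts with '/', so the inner quotes
    # are literal to YAML). The double quotes around PRE are nested inside the
    # outer double-quoted sh -c argument without escaping — confirm the installed
    # crontab line reads as intended; the `crontab -l -u www` step prints it at
    # start-up.
    command: /bin/sh -c "supervisord -c /etc/supervisor/supervisord.conf && /etc/init.d/cron start && echo '* * * * * export OS_STATUS="PRE" && /usr/local/bin/php /wwwroot/zctc_asset_manage_stable/artisan schedule:run >> /tmp/cron.log 2>&1' | crontab -u www - && crontab -l -u www && php-fpm"
    networks:
      - my-net

  nginx:
    image: harbor.cn/ytc_cloud_scan/box/nginx
    container_name: nginx
    privileged: true
    depends_on:
      - php-fpm
    links:
      - php-fpm:php-fpm
    volumes:
      - ../app:/wwwroot:rw
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ../logs/nginx:/var/log/nginx
    ports:
      - "80:80"
    restart: always
    command: nginx -g 'daemon off;'
    networks:
      - my-net

  mysql-db:
    image: harbor.cn/ytc_cloud_scan/box/mysql
    container_name: mysql-db
    privileged: true
    ports:
      # published on every host interface; php-fpm reaches it over my-net, so
      # consider "127.0.0.1:3306:3306" or dropping the mapping.
      - "3306:3306"
    volumes:
      - ../logs/mysql:/var/lib/mysql-logs:rw
      - ./mysql/data:/var/lib/mysql
      - ./mysql/conf:/etc/mysql/conf.d
      - ./mysql/initdb/init.sql:/etc/mysql/init.sql
    environment:
      MYSQL_ROOT_PASSWORD: xxx  # placeholder — see note at top of file
      MYSQL_DATABASE: assets
      MYSQL_USER: geagle
      MYSQL_PASSWORD: xxx  # placeholder
    restart: always
    command: "--character-set-server=utf8"
    networks:
      - my-net

  redis-db:
    image: harbor.cn/ytc_cloud_scan/box/redis
    container_name: redis-db
    privileged: true
    ports:
      # published on every host interface; same remark as mysql-db
      - "6379:6379"
    volumes:
      - ./redis/data:/data
      - ../logs/redis:/var/log/redis
    restart: always
    # the password passed on the command line is visible in the process list and
    # in `docker inspect`; a mounted redis.conf keeps it out of both
    command: redis-server --requirepass xxxx
    networks:
      - my-net

  mongodb:
    image: harbor.cn/ytc_cloud_scan/box/mongo
    container_name: mongodb  # was declared twice; duplicate key removed
    privileged: true
    ports:
      # published on every host interface; same remark as mysql-db
      - "27017:27017"
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: xxx  # placeholder
    volumes:
      - ./mongo/data:/data/db
      - ./mongo/log:/data/log
    networks:
      - my-net

networks:
  my-net:
    driver: bridge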