Is it possible to mount an ISO inside a docker container?
I am using a docker container (based on the official centos:6.4 image) to build an ISO which I then need to mount and verify. I am unable to mount the ISO using:
sudo mount -o loop /path/to/iso /mnt
Gives:
mount: Could not find any loop device. Maybe this kernel does not know
about the loop device? (If so, recompile or `modprobe loop'.)
It looks like the kernel has been compiled without loop device support. Is it possible to build docker images which support loop devices? I couldn't find any information on this, however, looking at this thread it seems that this may be an ongoing topic.
I wonder if there is a way to circumvent this limitation?
Answer
To mount an ISO inside a container, you need two things:
- access to loop devices,
- permission to mount filesystems.
By default, Docker locks down both things; that's why you get that error message.
The easiest solution is to start the container in privileged mode:
docker run --privileged ...
A more fine-grained solution is to dive down into the devices cgroup and container capabilities to give the required permissions.
Note that you cannot execute privileged operations as part of a Dockerfile; i.e. if you need to mount that ISO in a Dockerfile, you won't be able to do it.
However, I recommend that you have a look at Xorriso and specifically the osirrox tool , which lets you extract files from ISO images just like you would extract a tar file, without requiring any kind of special access, e.g.:
osirrox -indev /path/to/iso -extract / /full-iso-contents