Mount SMB/CIFS share within a Docker container

linux windows docker mount cifs
Kryten picture Kryten · Jan 16, 2015 · Viewed 71.7k times · Source

I have a web application running in a Docker container. This application needs to access some files on our corporate file server (Windows Server with an Active Directory domain controller). The files I'm trying to access are image files created for our clients and the web application displays them as part of the client's portfolio.

On my development machine I have the appropriate folders mounted via entries in /etc/fstab and the host mount points are mounted in the Docker container via the --volume argument. This works perfectly.

Now I'm trying to put together a production container which will be run on a different server and which doesn't rely on the CIFS share being mounted on the host. So I tried to add the appropriate entries to the /etc/fstab file in the container & mounting them with mount -a. I get mount error(13): Permission denied.

A little research online led me to this article about Docker security. If I'm reading this correctly, it appears that Docker explicitly denies the ability to mount filesystems within a container. I tried mounting the shares read-only, but this (unsurprisingly) also failed.

So, I have two questions:

  1. Am I correct in understanding that Docker prevents any use of mount inside containers?

  2. Can anyone think of another way to accomplish this without mounting a CIFS share on the host and then mounting the host folder in the Docker container?

Answer

Nathaniel Waisbrot picture Nathaniel Waisbrot · Jan 17, 2015

Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged flag with docker run to disable these security measures.

Further, you can combine --cap-add and --cap-drop to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN capability is the one that grants mount privileges.

Related questions

Failed to determine the https port for redirect in Docker

I'm trying to deploy an asp.net-core webapi service which is exposed from 80 port using: docker run --rm -p 80:80 --name radicadorrest -it radicadorrest error: warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35] No XML encryptor configured. Key {e60978fd-16bc-4ff2-8525…

Read More
How to run a windows docker container on linux host?

can we run a windows docker container on linux host? also can take a RDP to windows docker container hosted on linux from other windows machines in the same network?

Read More
How to convert DOS/Windows newline (CRLF) to Unix newline (LF) in a Bash script?

How can I programmatically (i.e., not using vi) convert DOS/Windows newlines to Unix? The dos2unix and unix2dos commands are not available on certain systems. How can I emulate these with commands like sed/awk/tr?

Read More