将Docker容器的根文件系统挂载为只读 [英] Mount Docker container's root filesystem as read only

问题描述

当我运行以下命令时，我想以只读方式挂载容器的根文件系统:

I want to mount a container's root filesystem as read-only when I run the following command:

docker ps --quiet --all | \
  xargs docker inspect \
    --format '{{ .Id }}: ReadonlyRootfs={{ .HostConfig.ReadonlyRootfs }}'

如果以上命令返回 true ，则表示根文件系统是只读安装的.如果以上命令返回 false ，则表示根文件系统可写.

If the above command returns true, it means the root filesystem is mounted read-only. If the above command returns false, it means the root filesystem is writable.

当我运行命令时，显示 ReadonlyRootfs = false .如何使它显示 true ?

When I run the command, ReadonlyRootfs=false is being shown. How do I make it show true?

推荐答案

当您将标志-ready-only 传递给 docker时，根文件系统将以只读方式挂载.运行命令，例如:

The root file-system gets mounted read-only when you pass the flag --read-only to the docker run command, e.g.:

$ docker run -it --read-only centos
[root@87e0f56dc341 /]# touch test
touch: cannot touch 'test': Read-only file system

帮助页面:

$ docker run --help | grep read-only
      --read-only
        Mount the container's root filesystem as read only

这篇关于将Docker容器的根文件系统挂载为只读的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！