从 Dockerfile 将本地目录挂载为容器中的卷 [英] Mount a local directory as volume in container, from the Dockerfile

问题描述

我知道如何使用 docker run 中的 -v 选项将本地目录挂载为卷，即

I know how local directories can be mounted as volumes with the -v option in docker run, i.e.

docker run -v /local/some_folder:/container/some_folder image_name

但是，我希望能够指定上述指令(将本地 /local/some_folder 挂载为 /container/some_folder 在容器 withinDockerfile.

However, I want to be able to specify the above instruction (to mount the local /local/some_folder as /container/some_folder in the container within the Dockerfile.

我尝试在 Dockerfile 中使用 VOLUME/local/some_folder/container/some_folder，但这似乎不起作用:然后我可以访问/container/some_folder 从容器内使用 docker exec -t container sh，但是容器的写入更改到 /container/some_folder 在容器运行期间和 docker stop container 之后不会反映在 /local/some_folder 中.

I've tried using VOLUME /local/some_folder /container/some_folder in the Dockerfile, but that didn't seem to work: I am then able to access /container/some_folder from within the container using docker exec -t container sh, but the write changes of container to /container/some_folder are not reflected in /local/some_folder during container runtime AND after docker stop container.

推荐答案

您无权控制 Dockerfile 或映像构建过程中的主机卷挂载等内容.允许这样做将允许恶意映像创建者在未经主机管理员许可的情况下制作在主机上挂载目录的映像.允许流行的基础映像挂载文件系统的安全漏洞可用于在场外发送私人数据并在无数机器上注入登录凭据.挂载卷的唯一方法是在运行时根据运行容器的管理员的明确请求，以及它们提供的目录.

You do not have access to control things like host volume mounts inside the Dockerfile or image build process. Allowing this would allow malicious image creators to make an image that mounts directories on the host without the permission of the admin of that host. A security breach that allowed a popular base image to mount the filesystem could be used to send private data off-site and inject login credentials on countless machines. The only way to mount a volume is at run time at the explicit request of the admin running the container, and to the directory they provide.

这篇关于从 Dockerfile 将本地目录挂载为容器中的卷的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！