How do I mount --bind inside a Docker container?


Problem description

I have this container based on debian:jessie (but this is not very relevant as I had the same issue with alpine:3.3). I get to the point where I need to

mount --bind /htdocs/www /home/user/example.com/www

I get

mount: permission denied

I can't find anything in any kernel log, and -vvv yields nothing interesting. I obviously can do this on the host (with any other pair of subtree/node). In my example above /htdocs/www is the mountpoint of a Docker volume, but it doesn't appear like it's of any importance, as I can't mount --bind any pair of subtree/node inside the container.

Recommended answer

For using the mount system call, you need the CAP_SYS_ADMIN capability. By default, Docker drops all capabilities when spawning a container (meaning that even as root, you're not allowed to do everything). See the mount(2) man page for more information.

You can start your container with the --cap-add=SYS_ADMIN flag to add this capability to your container:

root@host > docker run --rm -it --cap-add=SYS_ADMIN debian:jessie
root@ee0b1d5fe546:/# mkdir /mnt/test
root@ee0b1d5fe546:/# mount --bind /home /mnt/test/
root@ee0b1d5fe546:/# 

Use this with caution. Do not run untrusted software in a privileged container.
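
A quick way to confirm whether a process holds the capability the answer refers to, as an added example that is not part of the original answer: CAP_SYS_ADMIN is capability number 21, so it is bit 21 of the CapEff mask in /proc/self/status. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an effective-capability mask whether the
# mount(2) permission check for CAP_SYS_ADMIN can pass.
CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN's number in <linux/capability.h>

# has_cap MASK_HEX BIT -> exit status 0 if BIT is set in the hex mask
has_cap() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> $2) & 1 )) -eq 1 ]
}

# current_capeff -> prints this process's CapEff mask (empty if /proc is absent)
current_capeff() {
    [ -r /proc/self/status ] || return 0
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# can_mount [MASK_HEX] -> prints yes, no or unknown; defaults to this process
can_mount() {
    mask_hex=${1:-$(current_capeff)}
    if [ -z "$mask_hex" ]; then
        echo unknown
    elif has_cap "$mask_hex" "$CAP_SYS_ADMIN_BIT"; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample masks: identical except for bit 21.
MASK_WITHOUT=00000000a80425fb
MASK_WITH=00000000a82425fb

echo "mask $MASK_WITHOUT: CAP_SYS_ADMIN $(can_mount "$MASK_WITHOUT")"
echo "mask $MASK_WITH: CAP_SYS_ADMIN $(can_mount "$MASK_WITH")"
echo "this process: CAP_SYS_ADMIN $(can_mount)"
```

Run inside the container, the last line shows whether the shell that will call mount actually has the capability, which is useful for verifying that --cap-add took effect and for auditing containers that should not have it.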
