I have this container based on debian:jessie (but this is not very relevant as I had the same issue with alpine:3.3). I get to the point where I need to
    mount --bind /htdocs/www /home/user/example/www

and I get

    mount: permission denied

I can't find anything in any kernel log, and -vvv yields nothing interesting. I obviously can do this on the host (with any other pair of subtree/node). In my example above /htdocs/www is the mountpoint of a Docker volume, but it doesn't appear like it's of any importance, as I can't mount --bind any pair of subtree/node inside the container.
Recommended answer
For using the mount system call, you need the CAP_SYS_ADMIN capability. By default, Docker drops all capabilities when spawning a container (meaning that even as root, you're not allowed to do everything). See the mount(2) man page for more information.
You can start your container with the --cap-add=SYS_ADMIN flag to add this capability to your container:
    root@host > docker run --rm -it --cap-add=SYS_ADMIN debian:jessie
    root@ee0b1d5fe546:/# mkdir /mnt/test
    root@ee0b1d5fe546:/# mount --bind /home /mnt/test/
    root@ee0b1d5fe546:/#

Use this with caution. Do not run untrusted software in a privileged container.
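
Added example, not part of the original answer: a shell check that reads the effective capability mask (CapEff) from /proc/<pid>/status text and reports whether CAP_SYS_ADMIN (bit 21) is set, so you can see before calling mount whether the capability is missing. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a process holds CAP_SYS_ADMIN, the
# capability mount(2) requires, from its /proc/<pid>/status text.
# A set bit is necessary for mount(2), not sufficient: seccomp or an
# LSM profile can still deny the call.

CAP_SYS_ADMIN_BIT=21   # value of CAP_SYS_ADMIN in linux/capability.h

# cap_eff_from_status: print the CapEff hex mask found on stdin;
# exit non-zero if the input has no CapEff line.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; found = 1 } END { exit !found }'
}

# mask_has_cap MASK BIT: succeed if bit BIT is set in the hex MASK.
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# can_mount: read status text on stdin, print "yes" or "no".
# Returns 2 when no CapEff line is present.
can_mount() {
    mask=$(cap_eff_from_status) || return 2
    if mask_has_cap "$mask" "$CAP_SYS_ADMIN_BIT"; then
        echo yes
    else
        echo no
    fi
}

# sample_status MASK: emit a constructed /proc/<pid>/status excerpt.
sample_status() {
    printf 'Name:\tbash\nCapInh:\t0000000000000000\n'
    printf 'CapPrm:\t%s\nCapEff:\t%s\n' "$1" "$1"
}

# Constructed masks: the first lacks bit 21, the second is the same
# mask with bit 21 set (as --cap-add=SYS_ADMIN would do).
for m in 00000000a80425fb 00000000a82425fb; do
    printf '%s -> CAP_SYS_ADMIN: %s\n' "$m" "$(sample_status "$m" | can_mount)"
done
```

Inside a running container, `can_mount < /proc/self/status` performs the same check on the current shell.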