Mount SMB/CIFS share within a Docker container
Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged flag with docker run to disable these security measures.
Further, you can combine --cap-add and --cap-drop to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN capability is the one that grants mount privileges.
Docker containers can't write inside cifs share
CIFS Possibilities for Docker
Let Container mount (bad approach)
    services:
      name:
        cap_add:
          - SYS_ADMIN
          - DAC_READ_SEARCH
        security_opt:
          - "apparmor=unconfined"

Dockerfile:

    ENTRYPOINT ["/bin/bash", "mount.sh"]

mount.sh:

    #!/bin/bash
    # Create the mount point, then mount the share from inside the container
    mkdir /mnt/whatever
    mount -v -t cifs -o username=xx,password=xx,vers=SMB-Version-Number,dir_mode=0744,file_mode=0744 //IP/Path /mnt/whatever
    # <start your container logic>
Bad approach due to very bad security, but in some use-cases could be helpful.
Let docker mount
    services:
      name:
        volumes:
          - my_mount:/mnt/whatever

    volumes:
      my_mount:
        driver_opts:
          type: cifs
          o: username=xx,password=xx,vers=SMB-Version-Number
          device: //IP/Path
Let host mount
    # The -o value must be one comma-separated string with no spaces
    mount -t cifs \
      -o username=xx,password=xx,uid=dockeruid,forceuid,gid=dockergid,forcegid,file_mode=744,dir_mode=744 \
      //IP/Path /mnt/whatever

Then run the Docker containers with this user:

    services:
      name:
        user: "dockeruid:dockergid"
        volumes:
          - /mnt/whatever:/mnt/whatever
SMB/CIFS volume in Docker-compose on Windows
I had completely misunderstood this docker docs page where it says:
"The built-in local driver on Windows does not support any options."
That does not mean that you can't use the cifs driver in Windows.
The solution is very simple:

    services:
      my-service:
        volumes:
          - nas-share:/container-path

    volumes:
      nas-share:
        driver_opts:
          type: cifs
          o: "username=[username],password=[password]"
          device: "//my-nas/share"

Replace [username] and [password] with the actual username and password for the NAS and it works perfectly.
Mounting CIFS under Docker container does not affect host-mounted volume
The volume can be specified to mount as shared by -v /local/path:/mnt:shared
Cifs mount in docker container with docker-compose
The answer I found is to put the mount command into the run.sh file. As the command (or CMD) in the Dockerfile is only executed when running docker-compose up, the mount will only be executed after the build, done beforehand, is already finished.
Therefore, before starting the python script, the mount command is executed.
In my case, that only worked with the privileged flag set to true.
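
An added example, not taken from any of the answers above: a small audit over a parsed Compose model that flags the settings these answers rely on (privileged, the SYS_ADMIN capability, an unconfined AppArmor or seccomp profile, a CIFS password written inline in driver_opts). The sample input is constructed, and the service names mounter, legacy and app are assumptions.

```python
import json

# Constructed sample (abridged): the shape `docker compose config --format json`
# prints, combining the risky settings that appear in the answers above.
SAMPLE = json.loads("""{
  "services": {
    "mounter": {"cap_add": ["SYS_ADMIN", "DAC_READ_SEARCH"],
                "security_opt": ["apparmor=unconfined"]},
    "legacy":  {"privileged": true},
    "app":     {"user": "1000:1000",
                "volumes": [{"type": "bind", "source": "/mnt/whatever",
                             "target": "/mnt/whatever"}]}
  },
  "volumes": {
    "nas-share": {"driver_opts": {"type": "cifs", "device": "//my-nas/share",
                                  "o": "username=xx,password=xx"}}
  }
}""")

def audit(compose):
    """Return sorted (location, finding) pairs for a parsed Compose model."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        where = f"services.{name}"
        if svc.get("privileged") is True:
            findings.append((where, "privileged: every capability, no confinement"))
        caps = {str(c).upper() for c in svc.get("cap_add") or []}
        if caps & {"SYS_ADMIN", "CAP_SYS_ADMIN", "ALL"}:
            findings.append((where, "cap_add grants SYS_ADMIN (mount and much more)"))
        for opt in svc.get("security_opt") or []:
            # Both "apparmor=unconfined" and the older "apparmor:unconfined" occur.
            key, _, value = str(opt).replace(":", "=", 1).partition("=")
            if key in ("apparmor", "seccomp") and value == "unconfined":
                findings.append((where, f"{key} profile disabled"))
    for name, vol in (compose.get("volumes") or {}).items():
        opts = (vol or {}).get("driver_opts") or {}
        keys = {o.partition("=")[0].strip() for o in str(opts.get("o", "")).split(",")}
        if opts.get("type") == "cifs" and keys & {"password", "pass"}:
            findings.append((f"volumes.{name}", "CIFS password inline in driver_opts"))
    return sorted(findings)

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

The host-mounted service (app) produces no finding, since it runs as an unprivileged user against a bind mount and holds no mount capability or credential itself.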