Mount Smb/Cifs Share Within a Docker Container

Mount SMB/CIFS share within a Docker container

Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged flag with docker run to disable these security measures.

Further, you can combine --cap-add and --cap-drop to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN capability is the one that grants mount privileges.

Docker containers can't write inside cifs share

CIFS Possibilities for Docker

Let Container mount (bad approach)

services:
  name:
    cap_add:
      - SYS_ADMIN
      - DAC_READ_SEARCH
    security_opt:
      - "apparmor=unconfined"

Dockerfile:
ENTRYPOINT ["/bin/bash", "mount.sh" ]

mount.sh:

#!/bin/bash

mkdir -p /mnt/whatever
mount -v -t cifs -o username=xx,password=xx,vers=SMB-Version-Number,dir_mode=0744,file_mode=0744 //IP/Path /mnt/whatever

# <start your container logic>

This is a bad approach due to very bad security, but in some use cases it could be helpful.

Let docker mount

services:
  name:
    volumes:
      - my_mount:/mnt/whatever

volumes:
  my_mount:
    driver_opts:
      type: cifs
      o: username=xx,password=xx,vers=SMB-Version-Number
      device: //IP/Path

Let host mount

# The -o option list must be a single word: no whitespace around the line breaks
mount -t cifs -o username=xx,password=xx,\
uid=dockeruid,forceuid,\
gid=dockergid,forcegid,\
file_mode=744,dir_mode=744 //IP/Path /mnt/whatever

Then run the Docker containers with this user:

services:
  name:
    user: "dockeruid:dockergid"
    volumes:
      - /mnt/whatever:/mnt/whatever

SMB/CIFS volume in Docker-compose on Windows

I had completely misunderstood this docker docs page where it says

The built-in local driver on Windows does not support any options.

That does not mean that you can't use the cifs driver in Windows.

The solution is very simple

services:
  my-service:
    volumes:
      - nas-share:/container-path

volumes:
  nas-share:
    driver_opts:
      type: cifs
      o: "username=[username],password=[password]"
      device: "//my-nas/share"

Replace [username] and [password] with the actual username and password for the NAS and it works perfectly.

Mounting CIFS under Docker container does not affect host-mounted volume

The volume can be specified to mount as shared by -v /local/path:/mnt:shared

Cifs mount in docker container with docker-compose

The answer I found is to put the mount command into the run.sh file. As the command (or CMD) in the Dockerfile is only executed when running

docker-compose up

the mount will only be executed after the build, done beforehand, is already finished.

Therefore, before starting the python script, the mount command is executed.
In my case, that only worked with the privileged flag set to true.
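
An added example, not taken from any of the answers above: a small check over the output of docker compose config --format json that flags the settings these answers rely on (privileged, cap_add SYS_ADMIN, apparmor=unconfined, and a CIFS password written inline in driver_opts). The function name audit_compose, the service and volume names, and the sample configuration are constructed for illustration; the check also covers seccomp=unconfined and cap_add ALL, which the page does not use.

```python
import json
import re

# Constructed sample in the shape printed by `docker compose config --format json`,
# combining the container-mount and Docker-mount variants from this page.
SAMPLE = json.loads("""{
 "services": {
  "self-mounter": {"cap_add": ["SYS_ADMIN", "DAC_READ_SEARCH"],
                   "security_opt": ["apparmor=unconfined"]},
  "legacy": {"privileged": true},
  "reader": {"user": "1000:1000"}
 },
 "volumes": {
  "nas-share": {"driver_opts": {"type": "cifs", "device": "//nas.example/share",
                                "o": "username=svc,password=CONSTRUCTED,vers=3.0"}},
  "scratch": {}
 }
}""")

MOUNT_CAPS = {"SYS_ADMIN", "ALL"}  # capabilities that let a container call mount
UNCONFINED = re.compile(r"^(apparmor|seccomp)[=:]unconfined$", re.I)
INLINE_PASSWORD = re.compile(r"(^|,)pass(word)?=[^,]", re.I)


def audit_compose(cfg):
    """Return (scope, finding) pairs for settings that weaken container isolation."""
    findings = []
    for name, svc in (cfg.get("services") or {}).items():
        scope = "service:" + name
        if svc.get("privileged") is True:
            findings.append((scope, "privileged"))
        # Accept both SYS_ADMIN and CAP_SYS_ADMIN spellings, in any case.
        caps = {re.sub(r"^CAP_", "", str(c).upper()) for c in svc.get("cap_add") or []}
        for cap in sorted(caps & MOUNT_CAPS):
            findings.append((scope, "cap_add:" + cap))
        for opt in svc.get("security_opt") or []:
            if UNCONFINED.match(str(opt).strip()):
                findings.append((scope, "security_opt:" + str(opt).strip().lower()))
    for name, vol in (cfg.get("volumes") or {}).items():
        opts = (vol or {}).get("driver_opts") or {}
        # Only CIFS volumes are checked; the password sits in the "o" option string.
        if opts.get("type") == "cifs" and INLINE_PASSWORD.search(str(opts.get("o", ""))):
            findings.append(("volume:" + name, "inline CIFS password"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_compose(SAMPLE):
        print(scope, finding)
```

The host-mount variant, where the container only gets a user and a bind mount, produces no findings.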


