I have this container based on debian:jessie (but this is not very relevant as I had the same issue with alpine:3.3). I get to the point where I need to
mount --bind /htdocs/www /home/user/example.com/www
and I get
mount: permission denied
I can't find anything in any kernel log, and -vvv yields nothing interesting. I obviously can do this on the host (with any other pair of subtree/node). In my example above /htdocs/www is the mountpoint of a Docker volume, but it doesn't appear like it's of any importance, as I can't mount --bind any pair of subtree/node inside the container.
For using the mount system call, you need the CAP_SYS_ADMIN capability. By default, Docker drops all capabilities when spawning a container (meaning that even as root, you're not allowed to do everything). See the mount(2) man page for more information.
You can start your container with the --cap-add=SYS_ADMIN flag to add this capability to your container:
root@host > docker run --rm -it --cap-add=SYS_ADMIN debian:jessie
root@ee0b1d5fe546:/# mkdir /mnt/test
root@ee0b1d5fe546:/# mount --bind /home /mnt/test/
root@ee0b1d5fe546:/#
Use this with caution. Do not run untrusted software in a privileged container.
来源:https://stackoverflow.com/questions/36553617/how-do-i-mount-bind-inside-a-docker-container