问题
I am working with Docker,and I want to mount a dyanmic folder that changes a lot (so I do not have to make dockers for each ones execution, which would be too costly), but I want that folder to be readonly. Changing the folder owners to someone else works however chown requires root access, which I would not prefer to expose to an application.
When I use -v flag to mount, it gives whatever the username I give, I created a non root user inside the docker image, however all the files in the volume with the owner as the user that ran docker, changes into the user I give from commandline, so I cannot make readonly files and folders. How can I prevent this?
I also added mustafa ALL=(docker) NOPASSWD: /usr/bin/docker, so I could change to another user via terminal, but still the files have permissions for my user.
回答1:
You can specify that a volume should be read-only by appending :ro to the -v switch:
docker run -v volume-name:/path/in/container:ro my/image
Note that the folder is then read-only in the container and read-write on the host.
2018 Edit
According to the Use volumes documentation, there is now another way to mount volumes by using the --mount switch. Here is how to utilize that with read-only:
$ docker run --mount source=volume-name,destination=/path/in/container,readonly my/image
docker-compose
Here is an example how to specify read-only containers in docker-compose:
version: "3"
services:
redis:
image: redis:alpine
read_only: true
回答2:
docker-compose
Here is a proper way to specify read-only volume in docker-compose:
version: "3"
services:
my_service:
image: my:image
volumes:
- type: volume
source: volume-name
target: /path/in/container
read_only: true
volumes:
volume-name:
https://docs.docker.com/compose/compose-file/#long-syntax-3
来源:https://stackoverflow.com/questions/19158810/docker-mount-volumes-as-readonly