Reputation: 1
How do I enable mounting filesystems in docker containers using apparmor
This question was reposted here.
I have a ubuntu 20.04 server running docker. Recently the default apparmor profile seems to have started enforcing a restriction on mount points in docker containers. So the containers write directly to the root filesystem rather than the mount.
Outside of docker I can navigate the mounts with no issues but when executing a shell in containers it is as if the mount points are not mounted.
I have narrowed this down to being caused by apparmor and disabling apparmor allows mounting and everything works as I would expect. The containers seem to be using the docker-default profile.
My question is: how do I enable mounting in docker container either on a global basis or on individual containers. I would rather not have to completely disable apparmor for this issue?
Upvotes: 0
Views: 965
Answers (1)
Reputation: 1
So it turns out my issue was actually with Docker starting before filesystems were mounted. I believe I can alter the systemd file for docker to delay starting until my mounts are in place. The containers were binding to the mount point as a directory and writing directly to the root filesystem.
Incidentally you can change the apparmor profile used for containers with the security_opt option and load in a new profile with apparmor-parser. My containers didn't have mount but nor should they need it if the mounts are already in place.
Upvotes: 0
Related Questions
- How to mount file inside docker in docker?
- why the mountpoint in container can't been seen in host
- How can I mount a container file to my Docker host?
- How to create container with a mount in Docker API
- Cannot use mount within a Docker container
- I could not mount docker's file system to host's file system
- Dockerfile - How to define mounting of host file system to the container
- Get apparmor working on docker container
- Mount volume using Docker API
- How come mount command is disabled inside a docker container