Using podman/buildah, I want to build a container image that has host file systems already mounted.

I am able to do this with Singularity with `sudo singularity build /tmp/lolcow.simg /tmp/lolcow.recipe` if those file systems are defined in `/etc/singularity/singularity.conf`. How can I do this with podman? I am trying to avoid using `-v` during the `podman run` stage for this. I'm not tied to Docker compatibility, so if there's a buildah-specific way to do this, great.

The podman-build man page gives as a usage example `podman build --volume /home/test:/myvol:ro,Z -t imageName .` But when I try it and run the resulting image, the equivalent of the `/home/test` file system isn't mounted.

Cavalcade

1 Answer

> I want to build a container image that has host file systems already mounted.

You can't, primarily because such an image would present a substantial security risk (a container that could force arbitrary host mounts could happily export your entire filesystem to a malicious remote endpoint -- even when running as a non-root user this would still represent a fairly significant problem).

Using the `--volume` option to `podman build` mounts the volume inside the container during the build process, but there's no mechanism to instruct Podman (or Docker) to automatically mount something at runtime.

larsks
  • I follow you, but couldn't it mount in directories to which the building user has access? Singularity does something like this. Users who then try to start a container with that image cannot of course access any files their uid doesn't have access to. I should have mentioned everything I'm considering is rootless. – Cavalcade Oct 26 '22 at 00:18
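
Because an image cannot carry host mounts, a fixed set of binds (comparable to the Singularity configuration mentioned in the question) has to be applied at `podman run` time by the user starting the container. The following is an added example, not part of the original thread or of Podman itself; the bind-list format and the names `bind_args` and `podman_run_binds` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: turn a reviewed bind list into explicit `podman run -v` arguments.
# Assumed list format: host_path:container_path[:options], '#' starts a comment.

# bind_args FILE: print "-v" and "host:ctr:opts" on separate lines for each valid
# entry; invalid entries are skipped with a warning on stderr.
# The ( ) body runs in a subshell, so variables do not leak and `exit` only ends it.
bind_args() (
    [ -r "$1" ] || { echo "cannot read bind list: $1" >&2; exit 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}    # drop comments, then trim surrounding whitespace
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        case $line in
            *[[:space:]]*) echo "skip (whitespace in entry): $line" >&2; continue ;;
            /*:/*) ;;       # absolute host path and at least one more field
            *) echo "skip (need /host:/container): $line" >&2; continue ;;
        esac
        host=${line%%:*}
        rest=${line#*:}
        ctr=${rest%%:*}
        # Read-only unless the entry explicitly asks for something else.
        case $rest in *:*) opts=${rest#*:} ;; *) opts=ro ;; esac
        case $ctr in /*) ;; *) echo "skip (relative target): $line" >&2; continue ;; esac
        case $opts in
            ''|*[!A-Za-z,]*) echo "skip (bad options): $line" >&2; continue ;;
        esac
        # Only paths the invoking user can already read are passed on.
        [ -e "$host" ] && [ -r "$host" ] || {
            echo "skip (missing or unreadable): $host" >&2; continue; }
        printf '%s\n%s\n' -v "$host:$ctr:$opts"
    done < "$1"
    exit 0
)

# podman_run_binds FILE [podman run arguments...]: hypothetical wrapper.
podman_run_binds() (
    list=$1; shift
    args=$(bind_args "$list") || exit
    set -f    # no globbing; entries with whitespace were rejected above,
              # so splitting $args on whitespace is safe
    exec podman run $args "$@"
)
```

The mounts remain visible on the `podman run` command line, so the user starting the container decides what is exposed rather than the image author.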