Is it possible to mount a tmpfs on top of a read-only bind mount with docker run?

This works:

```
docker run --rm -it -v "$PWD:/x" --tmpfs /x/y -w /x alpine:latest sh
```

This fails:

```
docker run --rm -it -v "$PWD:/x:ro" --tmpfs /x/y -w /x alpine:latest sh
```

Error (line breaks mine):

```
docker: Error response from daemon: OCI runtime create failed:
container_linux.go:380:
starting container process caused:
process_linux.go:545:
container init caused:
rootfs_linux.go:76:
mounting "tmpfs" to rootfs at "/x/y" caused:
mkdir /var/lib/docker/overlay2/91a0f0934fbaa8cd1fc2c322feca2912f68af2a7520df3a49a5f129153ac8627/merged/x/y:
read-only file system: unknown.
```

I tried providing the bind mount after the tmpfs and also tried replacing `--tmpfs ...` with `--mount type=tmpfs,destination=...` but got the same error.

Mounting the tmpfs inside the other mount will create a mountpoint directory inside the other mount, which seems to be the reason why read-only mounting the containing directory won't work.

Arc
  • I can't imagine a scenario where attempting to write to a readonly filesystem is going to end well. Why can't you just mount the tmpfs to a path outside `/x`? – SiHa Jun 29 '22 at 09:37
  • Create a `y` folder inside of the current directory first. `mkdir y`, before the `docker run...` – BMitch Jun 29 '22 at 11:19
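
The workaround from the last comment (create the mountpoint directory on the host before the bind mount becomes read-only), as an added example that is not part of the original question or comments. The function names and the `DOCKER` dry-run variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# host_mountpoint HOST_DIR CTR_DIR TMPFS_DEST
# Map a container tmpfs destination (e.g. /x/y) to the host directory that
# must already exist before the bind mount becomes read-only (e.g. $PWD/y).
host_mountpoint() {
    case "$3" in
        */..|*/../*) echo "error: '..' not allowed in $3" >&2; return 1 ;;
        "$2"/?*) rel=${3#"$2"/}; printf '%s/%s\n' "$1" "$rel" ;;
        *) echo "error: $3 is not inside $2" >&2; return 1 ;;
    esac
}

# run_ro_with_tmpfs HOST_DIR CTR_DIR TMPFS_DEST IMAGE [CMD...]
# Create the mountpoint on the host, where the directory is still writable,
# then start the container with the read-only bind mount plus the tmpfs.
# DOCKER=echo prints the command instead of running it (dry run).
run_ro_with_tmpfs() {
    host_dir=$1 ctr_dir=$2 dest=$3
    shift 3
    mp=$(host_mountpoint "$host_dir" "$ctr_dir" "$dest") || return 1
    mkdir -p "$mp" || return 1
    "${DOCKER:-docker}" run --rm -it -v "$host_dir:$ctr_dir:ro" \
        --tmpfs "$dest" -w "$ctr_dir" "$@"
}

# Equivalent of the failing command from the question:
#   run_ro_with_tmpfs "$PWD" /x /x/y alpine:latest sh
```

The empty `y` directory remains in the host directory afterwards; the tmpfs only covers it inside the container.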

0 Answers