engine: add recursive bind mounts #18669

Merged
merged 1 commit into from
Jan 19, 2024
26 changes: 25 additions & 1 deletion content/storage/bind-mounts.md
Expand Up @@ -266,6 +266,30 @@ $ docker container stop devtest
$ docker container rm devtest
```

## Recursive mounts

When you bind mount a path that itself contains mounts, those submounts are
also included in the bind mount by default. This behavior is configurable,
using the `bind-recursive` option for `--mount`. This option is only supported
with the `--mount` flag, not with `-v` or `--volume`.

If the bind mount is read-only, the Docker Engine makes a best-effort attempt
at making the submounts read-only as well. This is referred to as recursive
read-only mounts. Recursive read-only mounts require Linux kernel version 5.12
or later. If you're running an older kernel version, submounts are
Comment on lines +278 to +279
Member

Actually wondering now; what do we do for native Windows containers, @AkihiroSuda ? Do we produce an error, or do we silently ignore the options (or a warning?)

Is there an equivalent of submounts on Windows? (and are they inherited?) 🤔

Contributor

Likely to be ignored

Member

Yeah; wondering if Windows in any form inherits nested mounts. I can try asking around for someone to try.

If it doesn't, then ignoring is probably fine (we could print a warning in some cases I guess, but more complicated on docker run, because we can't mix those with the container's own output)

automatically mounted as read-write by default. Attempting to set submounts to
be read-only on a kernel version earlier than 5.12, using the
`bind-recursive=readonly` option, results in an error.

Supported values for the `bind-recursive` option are:

| Value | Description |
|:--------------------|:------------------------------------------------------------------------------------------------------------------|
| `enabled` (default) | Read-only mounts are made recursively read-only if kernel is v5.12 or later. Otherwise, submounts are read-write. |
| `disabled` | Submounts are ignored (not included in the bind mount). |
| `writable` | Submounts are read-write. |
| `readonly` | Submounts are read-only. Requires kernel v5.12 or later. |

## Configure bind propagation

Bind propagation defaults to `rprivate` for both bind mounts and volumes. It is
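Review bot: The second paragraph of "Recursive mounts" and the `enabled` row of the table state that on kernels earlier than 5.12 the submounts of a read-only bind mount end up read-write, but nothing tells a reader who depends on the mount being read-only what to do about it. Suggest adding a sentence recommending `bind-recursive=readonly` whenever read-only submounts are a requirement, since per this text that value results in an error on older kernels instead of falling back to writable submounts. Two smaller points in the same section: there is no example of a `--mount` invocation using `bind-recursive`, and the `writable` and `readonly` rows do not say whether they only have an effect when the bind mount itself is read-only. The section also does not state which platforms the option applies to, which is the question raised in the review thread on lines +278 to +279.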
Expand Down Expand Up @@ -396,4 +420,4 @@ and

- Learn about [volumes](volumes.md).
- Learn about [tmpfs mounts](tmpfs.md).
- Learn about [storage drivers](/storage/storagedriver/).
- Learn about [storage drivers](/storage/storagedriver/).