Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Volumes of type tmpfs lacks support for the mode parameter #9873

Closed
rawtaz opened this issue Sep 23, 2022 · 2 comments
Closed

Volumes of type tmpfs lacks support for the mode parameter #9873

rawtaz opened this issue Sep 23, 2022 · 2 comments
Assignees
@milas
Labels
area/config area/volumes

Comments

@rawtaz
Copy link

rawtaz commented Sep 23, 2022
edited
Loading

Docker Compose currently does not support the mode parameter for tmpfs mounts. It only support the size parameter.

This has been verified both empirically with Docker Compose version v2.6.0 with Docker Engine - Community version 20.10.17 and by looking in the source code.

Here are some references showing that mode is currently not supported:

Worth noting is that Docker does support it in the mount.TmpfsOptions struct that is returned by the buildTmpfsOptions function in Compose.

Also worth mentioning is that the official Docker Compose specification documentation for tmpfs volumes clearly states that mode should be supported for tmpfs. Despite this, however, the compose-go library does not support the mode parameter.

Here's an example of a tmpfs specification for a service that does not work (Compose throws an error services.foo.volumes.0.tmpfs Additional property mode is not allowed):

volumes:
  - type: tmpfs
    target: /test
    tmpfs:
      size: 128k
      mode: 0777

I'm not sure if I got all of the relationships between specifications, libraries and other software right, I figured that given the above mentioned pieces of mode throughout the source code, it made sense to open an issue about it in this repository.

It looks like it's rather straight forward to add support for this option, since Docker itself supports it, or am I missing something?

Either way, it's a problem because it's currently impossible to mount and use tmpfs volumes with unprivileged processes/containers.
@cavo789
Copy link

cavo789 commented Sep 28, 2022

Same issue

I just met the same issue. I'm building a postgres image where I'm using a non root user and tmpfs storage for my PGDATA directory.

The error message I got is mkdir: can't create directory '/var/lib/postgresql/data': Permission denied and this is because I'm using a volume like this:

volumes:
      - type: tmpfs
        target: /var/lib/postgresql/data
        tmpfs:
          size: 536870912 # 512 MB

I don't have that error with this volume:

volumes:
      - my_postgres_data:/var/lib/postgresql/data:delegated

So linked to tmpfs.

After many searches, I've found some docs (like https://docs.docker.com/storage/tmpfs/#specify-tmpfs-options) suggesting to set the mode to 1770.

According this doc (https://github.com/compose-spec/compose-spec/blob/master/spec.md#long-syntax-4); I should be able to write the portion below in my docker-compose.yml file but docker compose config mention it's invalid. (The error message is then services.my_postgres.volumes.0.tmpfs Additional property mode is not allowed.)

volumes:
      - type: tmpfs
        target: /var/lib/postgresql/data
        tmpfs:
          mode: 1700
          size: 536870912 # 512 MB

My editor (vscode) is not protesting agains the schema (https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json); seems well valid.

milas added a commit to milas/compose that referenced this issue Nov 30, 2022
@milas
schema: add support for tmpfs.mode in mount definition
f4e0f39 
See compose-spec/compose-go#325 for the acutal spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes docker#9873.
milas added a commit to milas/compose that referenced this issue Nov 30, 2022
@milas
schema: add support for tmpfs.mode in mount definition
ec5a993 
See compose-spec/compose-go#325 for the acutal spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes docker#9873.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
@milas milas mentioned this issue Nov 30, 2022
Merged
@milas milas self-assigned this Nov 30, 2022
milas added a commit to milas/compose that referenced this issue Nov 30, 2022
@milas
schema: add support for tmpfs.mode in mount definition
422a3f3 
See compose-spec/compose-go#325 for the acutal spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes docker#9873.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
milas added a commit to milas/compose that referenced this issue Dec 2, 2022
@milas
schema: add support for tmpfs.mode in mount definition
430673c 
See compose-spec/compose-go#325 for the acutal spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes docker#9873.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
@milas milas closed this as completed in 113fb67 Dec 2, 2022
@cavo789
Copy link

cavo789 commented Dec 2, 2022

Thank you @milas and @nicksieger 👍

@krodelabestiole krodelabestiole mentioned this issue Jun 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@milas milas

Labels
area/config area/volumes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nicksieger @cavo789 @rawtaz @milas