New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow controlling the mount namespace #10088
Comments
+1, you could containerize things like mounting new filesystems onto the host mount namespace which can be consumed as bind-mounts for other containers as well. |
This is also needed to access network namespaces that are created within a container due to the proc mount (typically at /run/netns/<net_namespace>). EDIT: This is no longer a valid concern for >1.6 docker since the mount namespace is notlonger private and mount propogation works |
+1 We have a use case for this where mounting with a FUSE driver could be done by a seperate container. |
This would be great for automating the setup of filesystems within the confines of a container and then sharing it between multiple containers. +1 |
+1 We're also trying to use a container to mount a FUSE filesystem which needs to be shared with the host |
There seems to be a patch here: rootfs@0ca94ce |
This would be very useful in many settings for the reasons cited. Any update on this? |
We are close. Checkout. |
Yes. Could also just close this as a dup of #14630 |
Cool, I'll close this one, thanks @phemmer ! (technically it's the other way around, because this one's older, but 👍) |
This is a continuation of a request & discussion in #6687
The primary request is to allow disabling the mount namespace inside a container. The use case is so that one container can mount a volume (real volume, not a docker volume), and then use docker volumes to share the mount with another container.
There are a few cases where you might want to do this.
mount.*
missing, FUSE daemon missing, etc). You could bake the tools into the application image, but keeping them separate lets the application image remain portable.Currently if you mount something on top of a docker volume inside a container, and you share that volume with another container, the mount appears empty.
Since the processes inside the container need to see their root as the root of the image, we can instead use a simple
chroot
when the mount namespace is disabled.The text was updated successfully, but these errors were encountered: