-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Populating a volume using a container does not work in Docker on Windows #40771
Comments
I was just going to post this and then I see this is the most recent issue, maybe it's a recent regression? Here's the docker file I use to test this: # escape=`
FROM mcr.microsoft.com/windows/nanoserver:1909
RUN mkdir C:\myvol
RUN echo "hello world" > C:\myvol\greeting
VOLUME C:\myvol
CMD type C:\myvol\greeting I tried it in both process and hyperv isolation and none works. If you comment out the VOLUME instruction is does work of course. I also tried various path variants (using slashes, add ending backslash, etc) but the issue does not seem to be there. |
You seem to have the "host" and "container" paths reversed, and as a result are bind-mounting a host (C:\Data) directory into the container at The syntax for the short-hand (
For example;
After that (assuming |
|
@thaJeztah the minimal repro is at #40771 (comment). Run it without volume mappings (let docker create the volume), the file will not be available. |
Think I found the offending code: Edit: This might not be the issue, I tried it and it didn't fix the issue for me, but there's also a 50/50 chance I made a mistake when building/testing so take it with a grain of salt. |
I think this is actually related to the nanoserver image. It does not happen when using servercore images because of permissions. Nanoserver uses the user ContainerUser which does not have permissions to named volumes stored in the default docker volume folder. One option, although I don't know the security risks, is to add "Authenticated User" to the volume folder in the docker folder (usually C:\ProgramData\docker\volumes unless you set it up to be a different directory). Then when any named volume is created it will have that permission and allow access to ContainerUser. As for the security concern, "Authenticated User" is a pretty minimal security level, just above Everyone except with authentication, especially considering docker container users are considered Authenticated Users; hence why this works. |
@jbaig I just tried with the servercore:1909 image and it doesn't work for me. # escape=`
FROM mcr.microsoft.com/windows/servercore:1909
RUN mkdir C:\myvol
RUN echo "hello world" > C:\myvol\greeting
VOLUME C:\myvol
CMD type C:\myvol\greeting result:
|
@guillaume86 Sorry I misunderstood. In my case using nanoserver with shared volumes gave an access is denied (unless using Authenticated Users) vs servercore which was fine. As for what you are saying, that relates to windows requiring the volume to be empty at the start: https://docs.docker.com/engine/reference/builder/#notes-about-specifying-volumes The work around for that is to add the file(s) at startup and then it will live in the shared volume going forward. # escape=`
FROM mcr.microsoft.com/windows/servercore:1809
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue'; $verbosePreference='Continue';"]
RUN mkdir C:\myvol
VOLUME C:\myvol
CMD echo 'hello world' | Out-File -FilePath C:\myvol\greeting; type C:\myvol\greeting The end result will give the hello world and store the document in a shared volume. |
@jbaig ha good find in the documentation, a warning in the section about populating new volumes would be nice to avoid future confusion. |
Description
I'm following the instruction on this Docker official page under "Populate a volume using a container" in an attempt to create a new volume populated with existing files in a newly launched container. However, file copy to the volume is not taking place at all and the volume remains completely empty.
Steps to reproduce the issue:
docker run -it --name=test -v C:\Data dataimage/test1:version1
Describe the results you received:
The volume gets created but the original content of the folder is completely hidden and empty. If I run the above command without the
-v option
instead, then I can see the original files at the same location.Describe the results you expected:
The command should create a new volume under C:Data inside the container and copy all existing files at that location into the volume.
Additional information you deem important (e.g. issue happens only occasionally):
The issue happens 100% of the time.
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
Running on AWS G4 EC2 instance.
The text was updated successfully, but these errors were encountered: