How to mount a host file system into a running Docker container

  • 2020-05-30 21:25:20
  • OfStack


Lately a lot of people have been asking how to attach a file system to a Docker container that has already been started. At first I found this very difficult because of the mnt namespace.

To do this for a container that is already running, we need to:

  • Use nsenter to mount the whole file system that contains the host directory on a temporary mount point inside the container.
  • Create a bind mount from the specific directory to the location we want to use as a volume.
  • Unmount the temporary mount.

All right, let's do it.

Start a container named charlie:

$ docker run --name charlie -ti ubuntu bash

I want to mount the host directory /home/jpetazzo/Work/DOCKER/docker at /src in my container.


First, you need nsenter and its docker-enter helper script. We want to mount a file system from inside the container, and the container itself is not allowed to do this for security reasons. Using nsenter, we can execute arbitrary commands in the container without those security restrictions and obtain root privileges in the container directly. How do we get the docker container

Install nsenter and docker-enter:

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

Find our file system

We want to mount a directory from the host (/home/jpetazzo/Work/DOCKER/docker) in the container.

To do that, we need to find the file system that holds this directory.

First, use readlink to canonicalize the path, resolving any symbolic links:

$ readlink --canonicalize /home/jpetazzo/Work/DOCKER/docker

Set shell variables:

$ HOSTPATH=/home/jpetazzo/Work/DOCKER/docker
$ REALPATH=$(readlink --canonicalize $HOSTPATH)

Use df to see which file system holds this directory:

Filesystem     1K-blocks      Used Available Use% Mounted on
/dev/sda2      245115308 156692700  86157700  65% /home/jpetazzo

Store the mount point of that file system in a variable:

$ FILESYS=$(df -P $REALPATH | tail -n 1 | awk '{print $6}')

Find the device for the file system

Since we are not dealing with bind mounts or BTRFS at the moment, we can look in /proc/mounts to find the device file for /home/jpetazzo.

$ while read DEV MOUNT JUNK
> do [ $MOUNT = $FILESYS ] && break
> done </proc/mounts
$ echo $DEV

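Find the sub-root of the mount, that is, the path inside the device's file system that is mounted at this mount point. In /proc/self/mountinfo it is the fourth field, and the mount point is the fifth:

$ while read A B C SUBROOT MOUNT JUNK
> do [ $MOUNT = $FILESYS ] && break
> done < /proc/self/mountinfo
$ echo $SUBROOT

Good, we now know that we need to mount /dev/sda2, go to /jpetazzo inside that file system, and from there follow the remaining path to whatever directory we need.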

Compute the remaining path below the mount point:

$ SUBPATH=$(echo $REALPATH | sed s,^$FILESYS,,)

Check the device's major and minor numbers (stat prints them in hexadecimal):

$ stat --format "%t %T" $DEV
8 2

Set device information


Put these steps together

We want to verify whether the path in the container and the path on the host are the same.


Create a temporary mount point to mount the file system


Make sure the volume's mount point exists in the container, then bind-mount the directory onto it:

$ docker-enter charlie -- mkdir -p /src
$ docker-enter charlie -- mount -o bind /tmpmnt/$SUBROOT/$SUBPATH /src

Clean up the temporary mount


Here is a simple example script:


