How do I mount a file system in an docker container on a carrier

preface

It feels like a lot of people are asking docker questions these days about how to operate a file system with an docker container that has been started. First I find this very difficult because of the mnt namespace.

To log into an docker container that has been started, we need to do this:

Use nsenter to mount the entire docker container's file system on the temporary mount point. Create a binding mount for a specific directory to use as a volume. Unmount temporary mount.

All right, let's do it.

Start an instance of docker called charlie:

$ docker run --name charlie -ti ubuntu bash

I want to the directory/home/jpetazzo/Work DOCKER/docker to/src mount to my docker container.

nsenter

First, you need nsenter to pass through docker-enter Help script to operate. Because we want to mount the file system into the docker container, our docker container is not allowed to do this for security reasons. Using nsenter, we can execute arbitrary commands in the docker container without any security restrictions, and directly obtain the root permission of the docker container. How do we get the docker container

Install nsenter via docker-enter Install nsenter:

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

Use our docker file system

Want to mount the directory from the host (/ home jpetazzo/Work/DOCKER/docker) in docker.

To find the directory of the docker file system.

First, use readlink to view the mount location of the docker directory.

$ readlink --canonicalize /home/jpetazzo/Work/DOCKER/docker
/home/jpetazzo/go/src/github.com/docker/docker

Setting environment variables:

$ HOSTPATH=/home/jpetazzo/Work/DOCKER/docker
$ REALPATH=$(readlink --canonicalize $HOSTPATH)

View mount status of docker file system df:

$ df $REALPATH
Filesystem 1K-blocks Used Available Use% Mounted on
/sda2  245115308 156692700 86157700 65% /home/jpetazzo

Specifies the environment variables that specify the docker file system

$ FILESYS=$(df -P $REALPATH | tail -n 1 | awk '{print $6}')

View the equipment in the docker container

Since there is no binding to mount or use BTRFS at the moment, we will look at /proc/mounts to find the device files for this directory /home/jpetazzo.

$ while read DEV MOUNT JUNK
> do [ $MOUNT = $FILESYS ] && break
> done </proc/mounts
$ echo $DEV
/dev/sda2

Find the mount status through the device information.

$ while read A B C SUBROOT MOUNT JUNK
> do [ $MOUNT = $FILESYS ] && break
> done < /proc/self/mountinfo 
$ echo $SUBROOT
/jpetazzo

Good, we now know that we need to mount /dev/sda2 to this directory /jpetazzo, pointing from this location to whatever directory we need.

Set the directory

$ SUBPATH=$(echo $REALPATH | sed s,^$FILESYS,,)

Check the device number.

$ stat --format "%t %T" $DEV
8 2

Set device information

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

0

Put these steps together

We want to verify that the path and host in the docker container are not 1

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

1

Create a temporary mount point to mount the file system

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

2

Determines that a mount volume exists on the file system

$ docker-enter charlie -- mkdir -p /src
$ docker-enter charlie -- mount -o bind /tmpmnt/$SUBROOT/$SUBPATH /src

Clean up temporary mounts

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

4

Here is a simple example script:

$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

5

conclusion

The above is the whole content of this article, I hope the content of this article to your study or work can bring 1 definite help, if you have questions you can leave a message to communicate.