Best Solution to Mount a Windows Share within a Container

General Discussions
1

Good Afternoon, Guys -

I run Docker via Atomic (Fedora 29) on a dedicated system which I’ve used for a few months now and absolutely love it. There are many additional things that I want to do with it, however continue to hit a single roadblock. I’ve done a ton of research and testing without finding a solution so far so wanted to make an all-inclusive post.

My Question / Issue

What is the suggested method for mounting a Windows Share to a container so that the container has full Read/Write access to the files/folders within?

What I’ve Tried

So far, I’ve tried the below methods without success. A section for each is below with detail and results…

  • Attempt #1: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container
  • Attempt #2: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container Excluding SysLinux Parameters
  • Attempt #3: Using the NetShare Docker Plugin
  • Attempt #4: Mounting Share Inside of Container Using CIFS

Attempt #1: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container

Basically, I use CIFS to mount the Windows share with 0777 to an empty path on the host like /shares/files. When creating the container I wish to access it, I add a volume by including the below string:

-v /share/files:/files:z \ (Added :z since use Atomic with SysLinux)

This fails as when I try to create the container including tyhe above string, I get the error:

> /usr/bin/docker-current: Error response from daemon: error setting label on mount source ‘/share/files’: SELinux relabeling of /share/files is not allowed: "operation not supported".

Attempt #2: Same as Test #1, but Excluding SysLinux Parameter

This is the same as the above test, but I remove ":z" from the end of the string resulting in:

-v /share/files:/files \

I am able to create the container successfully, however; cannot access the files. If I connect to the container, I can cd into /files, however simply trying to execute "ls" fails with the error:

> ls: cannot open directory ‘.’: Permission denied

Note: I tested mounting to a folder which pre-exists in the container as well as defining a new one when creating the container. When connecting to the container after creation, I found that it did create /filestest yet I got the same error when trying to list files within it.

Attempt #3: Using the NetShare Docker Plugin

I ran across containx/docker-volume-netshare which is a Docker plugin that supposedly allows easier mounting of shares with containers so thought i’d try it out.

Unfortunately, I cannot get it working with Atomic for the life of me. I’ve tried installing it’s DEB which I seemingly cannot do with Atomic, installing it using rpm-tree (Atomic doesn’t have yum/apt-get), trying to install it using "docker plugin install containx/docker-volume-netshare", building it from source, and finally just copying and running it’s binary.

The closest I got was by downloading and testing the binary as after setting its permissions, I could execute "docker-volume-netshare -h" and see the help and other notes. When attempting to use it by executing "docker volume create -d cifs --name myserver/files$" (which is a valid shared path), I got the error:

Error response from daemon: create myserver/files$: create myserver/files$: Error looking up volume plugin cifs: legacy plugin: plugin not found

I posted an issue in their GitHub repo and tried a variety of other things, but didn’t get a response after weeks and had no further luck.

Attempt #4: Mounting Share Inside of Container Using CIFS

I found a couple of posts suggesting this could work, so gave it a shot. I first added the string below when building a typical container as the posts said it was required:

–cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH \

Once the container was up, I connected to it and did the following:

  1. Updated apt-get then installed nano & cifs-utils
  2. Created the file /.smbcredentials with credentials inside of it then ran chmod against it
  3. Created a new folder in the root named /filestest and set it to 0777 with chmod (Also tried using an existing empty folder in root which I set to 0777 as well)
  4. Edited /etc/fstab and added the below string (since I want it to be persistent)

//myserver/files$ /filestest cifs iocharset=utf8,credentials=/.smbcredentials,file_mode=0777,dir_mode=0777 0 0

Note: When first opening /etc/fstab, there was a single comment stating "# UNCONFIGURED FSTAB FOR BASE SYSTEM"

Once done, I executed "mount -a" which returns the below error:

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

How to Proceed / Suggestions?

So that’s where I’m at. As you can see, I’m not asking out of the blue and have invested tons of time researching and testing. Any suggestions you have would be greatly appreciated.

Thank You & Happy Holidays!

1 Like
2

Good Morning -

Does anyone have ideas, please? Thanks

3

you can try something like this: an infrastructure container with some volume

other containers share this volume.

4

@bzowk I’m facing the same issue, have you gotten any closer to getting this to work? My docker image is ubuntu based so maybe I’ll have more luck with the NetShare plugin.
I should note that I was able to mount the CIFS shared folder inside the docker image, when the host was Ubuntu, but not when the host was Windows.

5

I’ve tried this on Debian with a Debian container and mounted a share of my Windows PC, following your description. Everything works as expected. CIFS mounts are a bit tricky and error messages not always helpful. Has your credentials file the correct format? Is the password correct? And what’s this Dollar sign in fstab?

6

Now the second one:

Once again on a Debian host. Mounted my Windows PC to /home/tekki/mypc, then

docker container run --rm -v /home/tekki/mypc:/usr/src/app debian bash

In the container ls /usr/src/app, everything is here, touch a file somewhere in these folders, it appears in the Windows Explorer.
So ‘in principle’ everything works. This means the problems could have to do with your Fedora setup.

7

Did you realize that a container running in Docker for Windows is not part of the network of your Windows host? At least unless you change the network settings.

8

I need to better understand how the networking with the container works, but I’m not sure it’s the networking that’s at fault. While in the docker container on the windows host, I can successfully ping the host that has the CIFS folder 192.168.1.12 in my case, but I can’t mount the CIFS folder (//192.168.1.12/something) from that host.
Do you think that the default network settings (‘bridge’) can exhibit such behavior?
I’m using the exact same mount command that succeeds inside the same container, but when the host is an ubuntu machine.

9

I thought because I didn’t try. :wink: First question is if you use a recent version of Docker Desktop (not Docker Toolbox). This is my workflow to successfully mount a share from 192.168.1.110 into a container running on another Windows machine:

docker container run --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH -it ubuntu

In the container:

apt-get update && apt-get install -y cifs-utils vim
mkdir /mnt/arminius
echo '//192.168.1.110/Data /mnt/arminius cifs iocharset=utf8,credentials=/root/.smbcredentials 0 0' > /etc/fstab
vim /root/.smbcredentials

Add username and password, save. Call mount -a, Windows share is here and accessible.

10

Current workaround would be to run the container with privileged mode(Not secure)

docker run --privileged -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH centos bash
yum install cifs-utils -y
mount -t cifs -o username=username,password=password //192.168.0.228/public /mnt