Good Afternoon, Guys -
I run Docker via Atomic (Fedora 29) on a dedicated system which I’ve used for a few months now and absolutely love it. There are many additional things that I want to do with it, however continue to hit a single roadblock. I’ve done a ton of research and testing without finding a solution so far so wanted to make an all-inclusive post.
What is the suggested method for mounting a Windows Share to a container so that the container has full Read/Write access to the files/folders within?
So far, I’ve tried the below methods without success. A section for each is below with detail and results…
- Attempt #1: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container
- Attempt #2: Mounting Share to Host using CIFS then Attaching Mounted Folder as Volume to Container Excluding SysLinux Parameters
- Attempt #3: Using the NetShare Docker Plugin
- Attempt #4: Mounting Share Inside of Container Using CIFS
Basically, I use CIFS to mount the Windows share with 0777 to an empty path on the host like /shares/files. When creating the container I wish to access it, I add a volume by including the below string:
-v /share/files:/files:z \ (Added :z since use Atomic with SysLinux)
This fails as when I try to create the container including tyhe above string, I get the error:
> /usr/bin/docker-current: Error response from daemon: error setting label on mount source ‘/share/files’: SELinux relabeling of /share/files is not allowed: "operation not supported".
This is the same as the above test, but I remove ":z" from the end of the string resulting in:
-v /share/files:/files \
I am able to create the container successfully, however; cannot access the files. If I connect to the container, I can cd into /files, however simply trying to execute "ls" fails with the error:
> ls: cannot open directory ‘.’: Permission denied
Note: I tested mounting to a folder which pre-exists in the container as well as defining a new one when creating the container. When connecting to the container after creation, I found that it did create /filestest yet I got the same error when trying to list files within it.
I ran across containx/docker-volume-netshare which is a Docker plugin that supposedly allows easier mounting of shares with containers so thought i’d try it out.
Unfortunately, I cannot get it working with Atomic for the life of me. I’ve tried installing it’s DEB which I seemingly cannot do with Atomic, installing it using rpm-tree (Atomic doesn’t have yum/apt-get), trying to install it using "docker plugin install containx/docker-volume-netshare", building it from source, and finally just copying and running it’s binary.
The closest I got was by downloading and testing the binary as after setting its permissions, I could execute "docker-volume-netshare -h" and see the help and other notes. When attempting to use it by executing "docker volume create -d cifs --name myserver/files$" (which is a valid shared path), I got the error:
Error response from daemon: create myserver/files$: create myserver/files$: Error looking up volume plugin cifs: legacy plugin: plugin not found
I posted an issue in their GitHub repo and tried a variety of other things, but didn’t get a response after weeks and had no further luck.
I found a couple of posts suggesting this could work, so gave it a shot. I first added the string below when building a typical container as the posts said it was required:
–cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH \
Once the container was up, I connected to it and did the following:
- Updated apt-get then installed nano & cifs-utils
- Created the file /.smbcredentials with credentials inside of it then ran chmod against it
- Created a new folder in the root named /filestest and set it to 0777 with chmod (Also tried using an existing empty folder in root which I set to 0777 as well)
- Edited /etc/fstab and added the below string (since I want it to be persistent)
//myserver/files$ /filestest cifs iocharset=utf8,credentials=/.smbcredentials,file_mode=0777,dir_mode=0777 0 0
Note: When first opening /etc/fstab, there was a single comment stating "# UNCONFIGURED FSTAB FOR BASE SYSTEM"
Once done, I executed "mount -a" which returns the below error:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
So that’s where I’m at. As you can see, I’m not asking out of the blue and have invested tons of time researching and testing. Any suggestions you have would be greatly appreciated.
Thank You & Happy Holidays!