Hi. I found that NFS shares with the following server config (/etc/exports) do not work:
*(rw,sync,no_subtree_check,no_all_squash)
while the ones with the following do:
*(rw,sync,no_root_squash,no_subtree_check)
Red Hat does not recommend using no_root_squash, however.
I think Docker initially starts with the root user and tries to bind-mount the directories with that user (even when running docker run --user=$UID:$UID -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group). It then drops into the requested user (the one specified with the UID).
The initial mount however is always unsuccessful.
Update: Seems this comment says the same thing.
Update2 [Solution]:
This worked to access files on an NFS share with non-root Docker and *(rw,sync,no_subtree_check,no_all_squash) (user permissions enforced).
$ export NFS_VOL_NAME=mynfs
$ export NFS_LOCAL_MNT=/mnt/foo
$ export NFS_SERVER=bambam.local
$ export NFS_SHARE=/mnt/swap
$ export NFS_OPTS=vers=4,soft
$ docker run --rm -it --mount \
"src=$NFS_VOL_NAME,dst=$NFS_LOCAL_MNT,volume-opt=device=:$NFS_SHARE,\"volume-opt=o=addr=$NFS_SERVER,$NFS_OPTS\",type=volume,volume-driver=local,volume-opt=type=nfs" \
--user $UID:$UID -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group \
busybox ls $NFS_LOCAL_MNT
On the server:
$ cat /etc/exports
/mnt/swap *(rw,sync,no_subtree_check,no_all_squash)
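
Added example, not part of the original post: a small Python audit of /etc/exports that resolves each client entry against the exports(5) defaults (root_squash on, all_squash off, ro) and lists the entries where a client's root keeps uid 0, which is what separates the two option sets quoted above. The sample file contents, the third export and its client names are constructed; paths containing spaces are assumed absent, and a bare "(options)" token is treated as applying to all hosts.

```python
import re

# Constructed sample: the first two entries carry the two option sets quoted
# in the post; the third entry and its client names are made up.
SAMPLE_EXPORTS = """\
/mnt/swap  *(rw,sync,no_subtree_check,no_all_squash)
/mnt/other *(rw,sync,no_root_squash,no_subtree_check)
/srv/data  192.0.2.0/24(ro,sync) \\
           build.example(rw,no_root_squash)
"""

# exports(5) defaults: root is squashed, other users are not, export is ro.
DEFAULTS = {"root_squash": True, "all_squash": False, "rw": False}
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Return [(path, client, effective_options)] for each client entry."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        for token in fields[1:]:  # fields[0] is the exported path
            m = CLIENT_RE.match(token)
            if not m:
                continue  # malformed entry, e.g. unbalanced parentheses
            eff = dict(DEFAULTS)
            for opt in (m.group(2) or "").split(","):
                name = opt[3:] if opt.startswith("no_") else opt
                if opt in ("ro", "rw"):
                    eff["rw"] = opt == "rw"
                elif name in ("root_squash", "all_squash"):
                    eff[name] = not opt.startswith("no_")
            entries.append((fields[0], m.group(1) or "*", eff))
    return entries


def audit(text):
    """List exports where a client's uid 0 is not mapped to the anonymous user."""
    findings = []
    for path, client, eff in parse_exports(text):
        if eff["root_squash"] or eff["all_squash"]:
            continue
        scope = "any host" if client == "*" else client
        mode = "rw" if eff["rw"] else "ro"
        findings.append(f"{path}: root not squashed for {scope} ({mode})")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORTS)))
```

The /mnt/swap line from the solution produces no finding, because leaving out no_root_squash keeps the default root_squash in effect.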