I am new to docker, so I may just have missed this from the documentation.
I am creating a container where I absolutely want to ensure that a volume is actually mounted and the dockerized APP does not write into the data layer of the container itself.
Are there any APIs or other ways that an application can detect that “status” of a given file system path?
OK, is there any way I can enforce starting up read-only? This container is for wide consumption and I actually want to prevent potential user errors. The actual project is to create an “official” rsyslog container.
ok, thanks, that’s a workaround. I admit I would prefer to have an official capability to say “this container needs to be read-only”. It would also be good to have a way to check volumes as originally said, but that’s easier to miss Is there really no way to make this happen?
sorry for the confusion. I know I can do this. I was thinking a Dockerfile “command” like “FORCE-READ-ONLY” or something like a hypervisor call where I can say “hey docker, tell me if I am read only”, “hey docker, tell me if dir /some/path is a mounted volume” - along these lines…
And by “FORCE-READ-ONLY” I mean that docker run would automtically force the container to be read only.
Let me add this to avoid yet another confusion. And thanks a lot for sharing your insight. As I said, I just get up to speed on docker. What I really miss is this kind of hypervisor API (and, yes, I know what a hypervisor is and what a process is ;-)).
If you have control over the Dockerfile, you can achieve this by adding a file in the directory that is the mount point. If the volume is mounted, then this file will not be present, because of the way how Unix mounts work.
Now, when it comes to working with volumes, you must bear in mind that Docker’s default behavior is, if the volume is empty, to copy the file into the volume. Therefore, this will have false positives unless the nocopy option is passed when mounting the volume.
In the Dockerfile:
RUN touch /path/to/your/volume/file
VOLUME /path/to/your/volume
In the container:
if [ -f /path/to/your/volume/file ]; then
echo "Volume isn't mounted!"
fi
[The question has been asked a good time ago, however I didn’t see this solution anywhere in the Google search results.]