Docker Community Forums


How to mount an image with user permission namespaces in docker?

I have a docker container running under user privileges because of namespaces. The container needs to be able to mount an image using the mount command. However, this results in

mount failed: Operation not permitted.

That makes sense because users don’t have the permissions to mount. I think what’s happening is that the mount program in the docker container is making system calls that get permission denied. However, I checked SELinux and there were no permission denied audits. I thought maybe I can modify seccomp or SELinux to allow this, but maybe that’s the wrong rationale, because those programs only restrict kernel calls, but even if they are disabled and the kernel call was allowed, it’ll just be denied by the kernel.

How can I allow a user process to mount a volume?

Does root have the permission to mount? Look here for more info about the --privileged flag.
If this works, you can add the share with the user and noauto options to /etc/fstab.

I cannot use the --privileged flag because it is running using namespaces. The problem with /etc/fstab is that it doesn’t allow for dynamic options when mounting.
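
An added diagnostic, not part of the thread: it reads a process's effective capability mask, seccomp mode and UID map to show which layer decides whether mount(2) is allowed, which is the question the first post raises about SELinux, seccomp and the kernel. The function names and verdict words are this example's own; it assumes a Linux /proc and that CAP_SYS_ADMIN is bit 21 of CapEff.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Reads /proc/<pid>/status-style and
# uid_map-style files, so it works on live /proc or on saved copies.

CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN in linux/capability.h

# status_field NAME FILE: print the value of the "NAME:" line
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }' "$2"
}

# has_cap_sys_admin STATUS_FILE: true if the effective set holds CAP_SYS_ADMIN
has_cap_sys_admin() {
    capeff=$(status_field CapEff "$1")
    [ $(( (0x$capeff >> $CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# in_user_namespace UID_MAP_FILE: true unless the map is the initial
# namespace's identity map "0 0 4294967295"
in_user_namespace() {
    awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { init = 1 }
         END { exit (init ? 1 : 0) }' "$1"
}

# mount_verdict STATUS_FILE UID_MAP_FILE: print one word naming the layer
# that decides the outcome of mount(2) for that process
mount_verdict() {
    if ! has_cap_sys_admin "$1"; then
        echo no-cap        # the kernel's capability check returns EPERM
    elif in_user_namespace "$2"; then
        echo userns-cap    # only userns-mountable filesystems (e.g. tmpfs)
    else
        echo host-cap      # remaining denials usually come from seccomp or the LSM
    fi
}

# seccomp_mode STATUS_FILE: 0 = off, 1 = strict, 2 = filter
seccomp_mode() { status_field Seccomp "$1"; }

if [ -r /proc/self/status ] && [ -r /proc/self/uid_map ]; then
    echo "verdict: $(mount_verdict /proc/self/status /proc/self/uid_map)"
    echo "seccomp: $(seccomp_mode /proc/self/status)"
fi
```

A `no-cap` or `userns-cap` verdict means the refusal comes from the kernel's capability check rather than from SELinux, which is consistent with seeing no denial in the SELinux audit log.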