Docker Community Forums

Share and learn in the Docker community.

Mount root fs read only with docker-compose


(Floriankammermann) #1

I try to apply the docker CIS (https://github.com/docker/docker-bench-security)

The test 5.13 is: Mount container’s root filesystem as read only
There is an option for docker run to mount the root FS read only: --read-only=true
But I can’t find the possibility to achieve the same with docker-compose.

Is there a possibility to mount the root FS read only with docker-compose?


(Ron Peleg) #2

Hi this can be done by adding read_only: true to the service description, see also https://docs.docker.com/compose/compose-file/#cpu-shares-cpu-quota-cpuset-domainname-hostname-ipc-mac-address-mem-limit-memswap-limit-privileged-read-only-restart-stdin-open-tty-user-working-dir:91de898b5f5cdb090642a917d3dedf68