Docker Community Forums

Share and learn in the Docker community.

NFS client using the IP of another container

Hey all,
I have the following issue. I have an NFS server that is sitting in a private network. I want to mount it as a volume on my laptop. I can reach that NFS server using an SSH tunnel to a machine on that network (using this container).

The problem is now that I can’t set up an nfs share because there is a dependency issue, it boils down to:


    driver: local
      o: addr=sevice_a, ...

Note: The laptop in question runs docker for windows. So I can’t use some sshfs trick AFAIK.


For using mount, you’ll need the CAP_SYS_ADMIN capability, which is dropped by Docker when creating the container.

There are several solutions for this:

Start the container with the --cap-add sys_admin flag. This causes Docker to retain the CAP_SYS_ADMIN capability, which should allow you to mount a NFS share from within the container. This might be a security issue; do not do this in untrusted containers. [A previous version of this answer suggested using the --privileged=true to retain all capabilities, thanks to @earcam for the suggestion to use --cap-add instead].
Mount the NFS share on the host and pass it into the container as a host volume:

you@host > mount server:/dir /path/to/mount/point
you@host > docker run -v /path/to/mount/point:/path/to/mount/point
Use a Docker volume plugin (like the Netshare plugin) to directly mount the NFS share as a container volume:

you@host > docker run
-v server/dir:/path/to/mount/point

So in the end I basically did what @lewish95 did. a small addition was to add :shared to the host volume.
Confirmation that this is actually done came to be because its similar to what kube-s3 are doing:

Basically you mount the path as :shared to the host, then use that for another container.