Privileges required to mount a host volume to a container

Why am I able to mount /home/pauld/wdred/vm01:/ but not /wdred/media:/?

pauld@nas01:~$ mount | grep vm0
/dev/mapper/vgwdred01-lvvm01 on /home/pauld/wdred/vm01 type ext4 (rw,relatime,stripe=32,data=ordered)
/dev/mapper/vgwdred01-lvvm02 on /home/pauld/wdred/vm02 type ext4 (rw,relatime,stripe=32,data=ordered)

pauld@nas01:~$ ls -ld /home/pauld/wdred/vm01
drwxr-xr-x 6 pauld root 4096 May 26 2013 /home/pauld/wdred/vm01 <-- this I can mount in my container

pauld@nas01:~$ mount | grep wdred

/dev/mapper/vgwdred01-lvmedia on /wdred/media type ext4 (rw,relatime,stripe=4096,data=ordered)

pauld@nas01:~$ ls -ld /wdred/media
drwxr-xr-x 12 root root 4096 Oct 30 20:23 /wdred/media <-- unable to mount in container. Docker complains that the filesystem is read only, error while creating mount source path ‘/wdred/media’: mkdir /wdred: read-only file system

What user needs to own and what permissions are required to mount a host filesystem into a container in rw mode? This isn’t clearly documented anywhere …
It doesn’t even make sense as to why docker is trying to run mkdir if the source already exists.

This is my working directory

pauld@nas01:~$ ls -l
total 36
drwxrwxr-x+ 10 pauld pauld 4096 Nov 3 11:41 docker
drwxr-xr-x 3 root root 4096 Oct 31 08:59 Downloads
drwxr-xr-x 3 root root 4096 Nov 2 22:11 hydra
drwxr-xr-x 3 root root 4096 Nov 2 21:55 nzbget
drwxr-xr-x 4 root root 4096 Nov 2 22:00 radarr
drwxr-xr-x 3 pauld pauld 4096 Oct 29 21:41 snap
drwxr-xr-x 4 root root 4096 Nov 2 22:07 sonarr
drwxr-xr-x 2 root root 4096 Oct 31 15:46 tmp
drwxrwxr-x 4 pauld pauld 4096 Oct 31 16:52 wdred

Ubuntu 18.04.01

pauld@nas01:~$ docker info
Containers: 6
Running: 6
Paused: 0
Stopped: 0
Images: 7
Server Version: 18.06.1-ce
Storage Driver: aufs
Root Dir: /var/snap/docker/common/var-lib-docker/aufs
Backing Filesystem: extfs
Dirs: 42
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: N/A (expected: 69663f0bd4b60df09991c08812a60108003fa340)
init version: 949e6fa (expected: fec3683)
Security Options:
Profile: default
Kernel Version: 4.15.0-38-generic
Operating System: Ubuntu Core 16
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 15.53GiB
Name: nas01
Docker Root Dir: /var/snap/docker/common/var-lib-docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 71
Goroutines: 81
System Time: 2018-11-03T02:52:39.567644433Z
EventsListeners: 0
Experimental: false
Insecure Registries:
Live Restore Enabled: false


I have a similar problem when I try to mount a binary from the host into /usr/bin!
Same read-only fs error message.
And same docker version.

and the answer is…

get rid of 18.06.1 and use 18.09 :wink:

I used the snap version for 18.06.1 …
I believe now it's best to be avoided


Hi uvwild,
Thanks for sharing. I had the snap version of Docker too, which was installed as part of the Ubuntu 18.04.

I wasted many hours trying to research this issue - unbeknownst to me it was a product defect / limitation rather than anything I was doing wrong. Extreme frustration.

I have now deinstalled the snap docker version and installed the latest docker-ce - and it works fine. I was using docker-compose also - so I had to update the ‘version’ line in the yaml header.

Again, thanks for sharing your findings…it means I can revert my setup to the way it ought to be.

I won’t be using anything snap again…
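
A small check for the failure discussed in this thread, as an added example that is not from any poster or from Docker: it reads `Docker Root Dir` from `docker info` text to spot the snap package and flags bind-mount sources outside the user's home. The home-directory rule is an assumption inferred from the two paths in the original question; the function names and container-side targets are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the snap-packaged daemon can
# only use bind sources under the user's home (inferred from the question).

# Constructed excerpt shaped like the `docker info` output in the question.
SAMPLE_INFO='Server Version: 18.06.1-ce
Storage Driver: aufs
 Root Dir: /var/snap/docker/common/var-lib-docker/aufs
Docker Root Dir: /var/snap/docker/common/var-lib-docker'

# Read `docker info` text on stdin, print the "Docker Root Dir" value.
docker_root_dir() {
    sed -n 's/^[[:space:]]*Docker Root Dir:[[:space:]]*//p' | head -n 1
}

# Succeed when the daemon's root dir lives under /var/snap (snap package).
is_snap_docker() {
    case "$1" in /var/snap/*) return 0 ;; *) return 1 ;; esac
}

# Host side of a -v SRC:DST[:MODE] spec; prints nothing for a named volume.
bind_source() {
    src=${1%%:*}
    case "$src" in /*) printf '%s\n' "$src" ;; esac
}

# audit_binds INFO_TEXT HOME SPEC...  -> one "verdict spec" line per spec.
audit_binds() {
    info=$1 home=$2
    shift 2
    root=$(printf '%s\n' "$info" | docker_root_dir)
    for spec in "$@"; do
        src=$(bind_source "$spec")
        if [ -z "$src" ]; then verdict=named-volume
        elif ! is_snap_docker "$root"; then verdict=ok
        else
            case "$src" in
                "$home"|"$home"/*) verdict=ok ;;
                *) verdict=outside-home ;;
            esac
        fi
        printf '%s %s\n' "$verdict" "$spec"
    done
}

# Demo on the constructed sample; container-side targets are made up.
audit_binds "$SAMPLE_INFO" /home/pauld \
    /home/pauld/wdred/vm01:/data /wdred/media:/media plexconfig:/config
```

Against a live daemon, pass `"$(docker info 2>/dev/null)"` and `"$HOME"` in place of the sample values.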


@uvwild thanks!

I have the snap version too, which comes by default using the default Ubuntu install. I did have the same error trying to mount a filesystem for plex:
ERROR: for plex Cannot start service plex: error while creating mount source path ‘/blabla’: mkdir /blabla: read-only file system

So I had to get rid of it and install the new one using this