Docker Community Forums

Share and learn in the Docker community.

Volume mounts in windows does not work


(Michael Friis) #41

Thanks for your patience. Currently only non-unicode passwords are supported. This is in the troubleshooting doc and we’re looking at ways to improve: https://beta.docker.com/docs/windows/troubleshoot/#host-filesystem-sharing

Michael


(Dieter Menne) #42

Thanks, Michael,

while some have solved the issue by changing the password, there are others like me who do not have a unicode password, or space in it. There must be some other settings that cause trouble; see my step-by-step case that is reproducible with the latest beta.

Language? I have a German Windows 10. Special HyperV settings (I used anything default). Use of kitematic? I also tested in a pure console setting.

Dieter


(Manuel Patrone) #43

Dieter, a couple of thoughts…

  1. why don’t you get inside MobyLinuxVM and check file access from there? With the mount command you should have mount points //10.0.75.2/x (assuming 10.0.75.2 to be the IpAddr of MobyLinuxVM and x=for each mapped drive appears at least twice in the mount list Linux being a case sensitive system…). Check that the user and domain matches what you have specified in the system tray applet.

  2. Check that you have the proper credentials setup under Credentials Manager->Windows Credentials->Dockerhost Filesystem Access

3)Avoid sharing folders under the c:/Users tree. What you will have visible from the container is what is visible to the credentials supplied. And teh Users tree have special security settings to isolate the different users.

It also took me several hours to get through this…


(Dieter Menne) #44

Thanks for you comments. I do not have access to the machine to test your ideas, with the exception of one point I remember:

  1. Avoid sharing C:/Users tree

When I use Kitematic to map the volume, it says that I must use c:Users. Same as in VirtualBox, but this is definitively running on HyperV

Dieter


(Michael Friis) #45

I found another problem, namely that “File and printer sharing” may be turned off. That causes volume mounting to silently fail for me.

It can be enabled in the GUI or with:

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

(Dieter Menne) #46

Thanks, interesting point, but I checked: this was correctly set on my system.


(Michael Friis) #47

Did you try what @rneugeba suggested here? Volume mounts in windows does not work


(Dieter Menne) #48

Changed my password (ASCII, but with digits, no special characters) to very simple one, and did a reset.

Did what you suggested. Made sure that it returns:

nsfs on /run/docker/netns/0092889bbf49 type nsfs (rw)

and otherwise everything what @rneugeba got as a response

Tried

docker run --rm -v c:/:/data alpine ls -R /data/
/data/:

Tried:
docker run -d -v c:/tmp/Gastrobase:/home/shiny/Gastrobase --name=gastro-docker dmenne/gastro-docker

which runs Ok under VM/Windows 7 on another computer. All network/shiny functions relying on file in the container run Ok. No sharing.

Returns on inspect:

"Mounts": [                                        
    {                                              
        "Source": "/c/tmp/Gastrobase",             
        "Destination": "/home/shiny/Gastrobase",   
        "Mode": "",                                
        "RW": true,                                
        "Propagation": "rprivate"                  
    }                                              
],                                                 

But nothing is there: From bash in the above

> root@04da158c6350:/# ls home/shiny/Gastrobase
(nothing)

(Dieter Menne) #49

Tested with Beta 13 (but probably no change compared to 12, I just wanted to create a simplified example to illustrate topic 33 in this thread. Printer sharing on, ASCII password, C is mapped.

Unmodified transcript after a restart of Docker. A directory C:\tmp exists and has files in it. Note that the third command is the same as the first, but returns something different.

>docker run --rm -v c:/:/data alpine ls -R /data/     
/data/:                                               
                                                      
>docker run --rm -v c:/tmp:/data alpine ls -R /data/  
/data/:                                               
                                                      
>docker run --rm -v c:/:/data alpine ls -R /data/     
/data/:                                               
tmp                                                   
                                                      
/data/tmp:

(Michael Friis) #50

Thanks for your immense patience. Here’s another thing to try:

You can get almost root in the Linux VM like this (from here):

#get a privileged container with access to Docker daemon
docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh

 #run a container with full root access to MobyLinuxVM and no seccomp profile (so you can mount stuff)
docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh

 #switch to host FS
chroot /host

… and then trying the mount manually:

mount -t cifs //10.0.75.1/C /C -o username=<username>,password=<password>,noperm

10.0.75.1 is the IP that the Linux guest can see your host at.


(Dieter Menne) #51

Sorry for the insistence… The forum software already complained that I talk too much ._)

docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh
— I do not fully understand this command, so I could not correct it, but it gives an error:

docker: Error response from daemon: Unable to setup mount point, neither source nor volume defined.

I had already tried another version from Vietnam which partly worked:

docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh

And I am in some # bash
(I will try to modify it to your version)


(Manuel Patrone) #52

Dieter,
After running:

  1. docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh
    and inside the created shell, you run the 2nd command:
  2. docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh
    and finally inside the shell created in 2), you run:
  3. chroot /host
    followed by the mount command mentioned before by Michael.

Curious about the root of the problem…


(Dieter Menne) #53

Thanks, po, I had read and tried your other post on the subject, but in error thought that the second command had to be given NOT inside the created shell. Some progress here: c and C are there. To be sure: ping to 10.0.75.1 works.

docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh
 / # docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh
 / # ls
 bin      dev      etc      home     host     lib      linuxrc  media    mnt      proc     root     run      sbin     sys      tmp      usr      var
 / # chroot /host
 / # ls
  C         Mac       c         etc       init      linuxrc   port      root      sbin      tmp       var
     Database  bin       dev       home      lib       media     proc      run       sys       usr
     / # ls c
     / # ls C
     / # mount -t cifs //10.0.75.1/C /C -o username=Dieter,password=mydearpass,noperm
     mount error(115): Operation in progress
     Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
     / #

(Manuel Patrone) #54

Oh the dreaded 115 return code. Assuming that the root shares are operational and username=Dieter has access to those shares (pls confirm) here is my suggestion (Michael knows better…):

umount all the shares (/c /C /d /D)
cat /proc/fs/cifs/DebugData (post here pls)
echo 7 > /proc/fs/cifs/cifsFYI
mount -t cifs //10.0.75.1/c /c -o user=Dieter,password=yourpassws,domain=yourhostname
cat /proc/fs/cifs/DebugData (post here pls)
dmesg (last 20 lines or so…)
echo 0 > /proc/fs/cifs/cifsFYI just to undo previous

Last messages of dmesg will detail cifs errors…


(Michael Friis) #55

Also interesting to confirm whether the c-drive is browsable using File Explorer on the host at \\10.0.75.1\c


(Rebeccamadsen) #56

I tried to follow along as I am having similar problems with mounts in Docker Beta windows. I got a different error after the final mount:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

This was with a new user and a simple alpha-only password, and a restart, unshare, reshare. Trying to browse the c-drive gives me ‘Windows can’t find ‘\10.0.0.75.1\c’. Check the spelling and try again.’


(Dieter Menne) #57

In case somebody wants to try: It probably should be:

10.0.75.1/C

(or lowercase c)

Please correct me if I misunderstood.

Gives 404 on http://10.0.75.1:80/C.

C was shared. Same for unshared drives, e.g. D


(Dieter Menne) #58

Thanks for you patience. I hope by “unmount all the shares” you mean: Unshare all in Docker settings. If not, please correct me. As an alternative, I tried it within bash when C had been shared:

/ # umount c            
umount: c: not mounted  
/ # umount C            
umount: C: not mounted  

Password: the password is my only password on this computer. This is a development computer, I have all rights as administrator. No domain. When I enter the wrong password during sharing in Docker Settings, system complains.

Your requests:

>docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh
/ # docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh

/ # ls
bin      dev      etc      home     host     lib      linuxrc  media    mnt      proc     root     run      sbin     sys      tmp      usr      var

/ # cat /proc/fs/cifs/DebugData
Display Internal CIFS Data Structures for Debugging
---------------------------------------------------
CIFS Version 2.08
Features: dfs fscache posix xattr
Active VFS Requests: 0
Servers:

/ # echo 7 > /proc/fs/cifs/cifsFYI
/ # mount -t cifs //10.0.75.1/c /c -o user=Dieter,password=mydearpassword,domain=yourhostname
mount: mounting //10.0.75.1/c on /c failed: No such file or directory
/ # cat /proc/fs/cifs/DebugData
Display Internal CIFS Data Structures for Debugging
---------------------------------------------------
CIFS Version 2.08
Features: dfs fscache posix xattr
Active VFS Requests: 0
Servers:
/ # dmesg
...
...
hv_balloon: Data Size is 8
random: nonblocking pool is initialized
nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
aufs au_opts_verify:1597:docker[1339]: dirperm1 breaks the protection by the permission bits on the lower branch
device veth33f503a entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth33f503a: link is not ready
docker0: port 1(veth33f503a) entered forwarding state
docker0: port 1(veth33f503a) entered forwarding state
docker0: port 1(veth33f503a) entered disabled state
IPVS: Creating netns size=1328 id=3
cgroup: docker-runc (3320) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
cgroup: "memory" requires setting use_hierarchy to 1 on the root
eth0: renamed from veth75807f3
IPv6: ADDRCONF(NETDEV_CHANGE): veth33f503a: link becomes ready
docker0: port 1(veth33f503a) entered forwarding state
docker0: port 1(veth33f503a) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
docker0: port 1(veth33f503a) entered forwarding state
/ #

(Manuel Patrone) #59

Dieter, tough nut to crack. It looks like the sharing is not setup under windows. The culprit show up in:
mounting //10.0.75.1/c on /c failed: No such file or directory

  1. ensure shares are available. On a Windows command prompt

    C:\Users\po755>net share
    Share name Resource Remark

    C C:\ Caching disabled
    D D:\ Caching disabled
    E E:\ Caching disabled
    The command completed successfully.

  2. ensure you have access to those shares under your Dieter userid. That is
    net use \\<computername>\C
    must work under your userid. And use the computername instead of domain name in the cifs mount command.


(Dieter Menne) #60

Thanks, Manuel.

>net share

Name         Ressource                       Beschreibung
-------------------------------------------------------------------------------
....
C            C:\                             Zwischenspeicherung deaktiviert (Caching disabled)
D            D:\                             Zwischenspeicherung deaktiviert
E            E:\                             Zwischenspeicherung deaktiviert
...
Der Befehl wurde erfolgreich ausgeführt.  (successfully)

... Name of computer is DieterPC ...
 
>net use \\DieterPC\C
Der Befehl wurde erfolgreich ausgeführt. (success)