Explain how to mount the file system in the Docker container where the mount is running _docker

Objective

It feels like a lot of people have been asking Docker questions about how to operate a Docker container file system, first I find it very difficult because of the MNT namespace.

In order to log into a Docker container that has already started, we need to do this:

1. Use Nsenter to mount the file system of the entire Docker container on a temporary mount point.
2. Creates a binding mount for a specific directory to use as a volume.
3. Uninstall the temporary mount.

Well, start practicing.

Start an instance of Docker named Charlie:

$ docker Run--name charlie-ti Ubuntu bash

I want to mount the directory/home/jpetazzo/work/docker/docker to/src to my Docker container.

Nsenter

First, you need to nsenter, through the docker-enter help script. Our Docker container is not allowed to do this because we want to mount the file system into the Docker container for security reasons. With Nsenter, we can execute arbitrary commands in the Docker container without interference from any security restrictions, directly acquiring the root permissions of the Docker container, and how to obtain the Docker container.

Install the Nsenter by docker-enter installing Nsenter:

$ docker Run--rm-v/usr/local/bin:/target jpetazzo/nsenter

Using our Docker file system

You want to mount the directory in the host host (/home/jpetazzo/work/docker/docker) in Docker.

To locate the directory for the Docker file system.

First use Readlink to view the mount location of the Docker directory.

$ readlink--canonicalize/home/jpetazzo/work/docker/docker
/home/jpetazzo/go/src/github.com/docker/docker

To set environment variables:

$ hostpath=/home/jpetazzo/work/docker/docker
$ realpath=$ (readlink--canonicalize $HOSTPATH)

To view Docker file system Mount DF:

$ DF $REALPATH
filesystem 1k-blocks Used Available use% mounted on
/sda2  245115308 156692700 86157700 65%/ho Me/jpetazzo

Specifies the environment variable for the specified Docker file system

$ filesys=$ (df-p $REALPATH | tail-n 1 | awk ' {print $} ')

View devices in the Docker container

Because there is no binding mount or use of BTRFS, we will see/proc/mounts to find the device file/home/jpetazzo for this directory.

$ while read DEV MOUNT JUNK
> does [$MOUNT = $FILESYS] && break
> Done </proc/mounts
$ echo $ DEV
/dev/sda2

Locate the mount condition through the device information.

$ while read A B C subroot MOUNT JUNK
> does [$MOUNT = $FILESYS] && break
> doing </proc/self/mo Untinfo 
$ echo $SUBROOT
/jpetazzo

Well, we now know that we need to mount/dev/sda2 to this directory/jpetazzo, from this point to any directory we need.

Set Directory

$ subpath=$ (echo $REALPATH | sed s,^ $FILESYS,,)

View the device number.

$ stat--format "%t%t" $DEV
8 2

Setting Device information

$ devdec=$ (printf "%d%d" $ (stat--format "0x%t 0x%t" $DEV))

Assemble these steps

We just want to verify that the path and host in the Docker container is not a

$ docker-enter Charlie-Sh-c
> "[b $DEV] | | Mknod--mode 0600 $DEV b $DEVDEC "

To create a temporary mount point mount file system

$ docker-enter Charlie--mkdir/tmpmnt
$ docker-enter Charlie--Mount $DEV/tmpmnt

Determine if the file system has a Mount volume

$ docker-enter Charlie--mkdir-p/src
$ docker-enter Charlie--Mount-o bind/tmpmnt/$SUBROOT/$SUBPATH/src

Clean up temporary mount

$ docker-enter Charlie--umount/tmpmnt
$ docker-enter Charlie--Rmdir/tmpmnt

Here is a simple instance script:

 #!/bin/sh set-e Container=charlie Hostpath=/home/jpetazzo/work/docker/docker SRC realpath=$ (readlink--canonicalize $HOSTPATH) filesys=$ (df-p $REALPATH | tail-n 1 | awk ' {print $} ') while read D

EV MOUNT JUNK do [$MOUNT = $FILESYS] && break Done </proc/mounts [$MOUNT = $FILESYS] # sanity check! While read A B C subroot MOUNT JUNK does [$MOUNT = $FILESYS] && break Done </proc/self/mountinfo [$MOUNT = $

Filesys] # Moar Sanity check! subpath=$ (echo $REALPATH | sed s,^ $FILESYS,,) devdec=$ (printf "%d%d" $ (stat--format "0x%t 0x%t" $DEV)) Docker-enter $CO Ntainer--sh-c \ "[b $DEV] | | Mknod--mode 0600 $DEV b $DEVDEC "Docker-enter $CONTAINER--mkdir/tmpmnt docker-enter $CONTAINER--Mount $DEV/tmpmnt D
Ocker-enter $CONTAINER--mkdir-p $CONTPATH docker-enter $CONTAINER--Mount-o bind/tmpmnt/$SUBROOT/$SUBPATH $CONTPATH Docker-enter $CONTAINER--umount/tmpmnt docker-enter $CONTAINER--Rmdir/tmpmnt 

Summarize

The above is the entire content of this article, I hope the content of this article for everyone's study or work can bring certain help, if you have questions you can message exchange.