
I have an Ubuntu 20.04 server running Docker. Recently the default AppArmor profile seems to have started enforcing a restriction on mount points in Docker containers, so the containers write directly to the root filesystem rather than to the mount.

Outside of Docker I can navigate the mounts with no issues, but when executing a shell in the containers it is as if the mount points are not mounted.

I have narrowed this down to being caused by AppArmor: disabling AppArmor allows mounting and everything works as I would expect. The containers seem to be using the docker-default profile.

My question is: how do I enable mounting in a Docker container, either on a global basis or for individual containers? I would rather not have to completely disable AppArmor for this issue.

1 Answer

So it turns out my issue was actually with Docker starting before the filesystems were mounted. I believe I can alter the systemd file for Docker to delay starting until my mounts are in place. The containers were binding to the mount point as a directory and writing directly to the root filesystem.

Incidentally, you can change the AppArmor profile used for containers with the security_opt option and load in a new profile with apparmor-parser. My containers didn't have mount, but nor should they need it if the mounts are already in place.
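The two fixes the answer describes, as an added example that is not code from the question or the answer: a systemd drop-in that delays docker.service until the host mounts are present, and a guard that refuses to start a container when its bind source is not actually a mount point. It assumes /srv/data is the mounted path, "app" is the container name and "docker-custom" is a profile already loaded with apparmor-parser.

```shell
#!/bin/sh
# Added example, not code from the question or answer above. Assumptions:
# /srv/data is the host filesystem the containers bind-mount, the container
# is called "app", and "docker-custom" is an AppArmor profile already loaded
# with apparmor-parser (without --security-opt Docker applies docker-default).
set -eu

# A directory is a mount point when its device number differs from its
# parent's, or when it is the root of a filesystem (same inode as its parent).
# Caveat: a bind mount of the same filesystem shares the device number and
# is not detected this way; use findmnt(8) where it is available.
is_mountpoint() {
    dir=$1
    [ -d "$dir" ] || return 1
    dev=$(stat -c %d "$dir");  pdev=$(stat -c %d "$dir/..")
    ino=$(stat -c %i "$dir");  pino=$(stat -c %i "$dir/..")
    [ "$dev" != "$pdev" ] || [ "$ino" = "$pino" ]
}

# Render a systemd drop-in for docker.service. RequiresMountsFor= makes
# systemd add Requires= and After= on the .mount units for the listed paths,
# so dockerd does not start until they are mounted.
dropin_for() {
    printf '[Unit]\nRequiresMountsFor=%s\n' "$*"
}

# Install the drop-in (run as root, then restart docker.service).
install_dropin() {
    mkdir -p /etc/systemd/system/docker.service.d
    dropin_for "$@" > /etc/systemd/system/docker.service.d/mounts.conf
    systemctl daemon-reload
}

# Refuse to start the container unless the bind source is really mounted;
# otherwise the bind silently targets the empty directory on the root fs,
# which is exactly the symptom described in the question.
run_app() {
    src=$1
    if ! is_mountpoint "$src"; then
        echo "refusing to start: $src is not a mount point" >&2
        return 1
    fi
    docker run -d --name app \
        --security-opt apparmor=docker-custom \
        -v "$src":/data myimage:latest
}
```

Typical use is `install_dropin /srv/data` once, then `run_app /srv/data` from whatever starts the container.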
