Mounting nfs shares inside docker container

死守一世寂寞 2020-12-02 12:15

Does anyone know how to mount an NFS share inside a docker container with a centos base image? I've tried this command:

mount server:/dir /mount/point
5 answers
  • 2020-12-02 12:59

    For the second option listed in the accepted answer, I'm not sure if you have actually tried to use the "docker run -v" command to pass an NFS share on the host to the docker container as a volume. I have recently tried to do so; below is the info for the nfs share on the host:

    nfs-server:/path_to_mount on /path_dest type nfs
    

    and then:

    docker run -it -v /path_dest:/path_in_docker docker_name bash
    

    But the docker daemon always reports the error below:

    docker: Error response from daemon: stat /path_dest: permission denied.
    

    After much searching, I found that the error actually comes from the docker daemon, which is running as "root". When docker runs a container with a volume to mount, it asks the docker daemon to mount it. The problem is that the NFS server handles "root" differently. By default, the NFS server maps "root" to "nobody", causing the error message: reference

  • 2020-12-02 13:05

    I mounted the nfs share in the docker container, thanks to @helmbert.

    1. Run a docker container with the --privileged=true flag.

      $ docker run -it --privileged=true centos:7 bash
      [root@f7915ae635aa /]# yum install -y nfs-utils
      
    2. Install the nfs tool package and mount nfs on CentOS.

      [root@f7915ae635aa /]# yum install -y nfs-utils
      [root@f7915ae635aa /]# mount -t nfs example.tw:/target/ /srv -o nolock
      
    3. Show mount of the nfs server.

      [root@f7915ae635aa /]# showmount example.tw
      Hosts on example.tw:
      10.10.10.1
      10.10.10.2
      
  • 2020-12-02 13:06

    Adding the --cap-add sys_admin flag to the client container wasn't enough for me. I was getting the error:

    mount.nfs: mount(2): Permission denied
    mount.nfs: access denied by server while mounting 1.2.3.4:/exports
    

    After hours of research I've found that it looks like full privilege (--privileged) is needed to mount correctly inside a docker container.

    Also don't forget to install the necessary nfs client packages inside your docker container. On debian based containers:

    apt-get install -y nfs-common
    
  • 2020-12-02 13:14

    For using mount, you'll need the CAP_SYS_ADMIN capability, which is dropped by Docker when creating the container.

    There are several solutions for this:

    1. Start the container with the --cap-add sys_admin flag. This causes Docker to retain the CAP_SYS_ADMIN capability, which should allow you to mount an NFS share from within the container. This might be a security issue; do not do this in untrusted containers. [A previous version of this answer suggested using --privileged=true to retain all capabilities; thanks to @earcam for the suggestion to use --cap-add instead.]
    2. Mount the NFS share on the host and pass it into the container as a host volume:

      you@host > mount server:/dir /path/to/mount/point
      you@host > docker run -v /path/to/mount/point:/path/to/mount/point
      
    3. Use a Docker volume plugin (like the Netshare plugin) to directly mount the NFS share as a container volume:

      you@host > docker run \
        --volume-driver=nfs \
        -v server/dir:/path/to/mount/point \
        centos
      
  • 2020-12-02 13:20

    Starting from docker 17.06, you can mount NFS shares to the container directly when you run it, without the need for extra capabilities.

    export NFS_VOL_NAME=mynfs NFS_LOCAL_MNT=/mnt/mynfs NFS_SERVER=my.nfs.server.com NFS_SHARE=/my/server/path NFS_OPTS=vers=4,soft
    
    docker run --mount \
      "src=$NFS_VOL_NAME,dst=$NFS_LOCAL_MNT,volume-opt=device=:$NFS_SHARE,\"volume-opt=o=addr=$NFS_SERVER,$NFS_OPTS\",type=volume,volume-driver=local,volume-opt=type=nfs" \
      busybox ls $NFS_LOCAL_MNT
    

    Alternatively, you can create the volume before the container:

    docker volume create --driver local \
      --opt type=nfs --opt o=addr=$NFS_SERVER,$NFS_OPTS \
      --opt device=:$NFS_SHARE $NFS_VOL_NAME
    
    docker run --rm -v $NFS_VOL_NAME:$NFS_LOCAL_MNT busybox ls $NFS_LOCAL_MNT
    

    Got the hint from https://github.com/moby/moby/issues/28809

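Docker parses the `--mount` value in the last answer as comma-separated fields, which is why the `o=` option there is wrapped in double quotes. The function below is an added example, not part of any answer above: it builds that value and refuses inputs that would turn into extra fields. The names `nfs_mount_spec` and `_nfs_field_ok`, the argument order and the allow-listed character set are assumptions made for this example.

```shell
# Added example: nfs_mount_spec and _nfs_field_ok are names chosen here.
# Docker splits the --mount value as CSV, so a stray comma or quote in a
# field would become an extra key=value pair. Allow-list each field instead.
_nfs_field_ok() {
  case "$1" in
    ''|*[!A-Za-z0-9._:/-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# usage: nfs_mount_spec VOLUME SERVER SHARE TARGET [NFS_OPTS]
nfs_mount_spec() {
  local vol="$1" server="$2" share="$3" target="$4" opts="${5:-}" f
  for f in "$vol" "$server" "$share" "$target"; do
    _nfs_field_ok "$f" || { echo "invalid field: $f" >&2; return 1; }
  done
  case "$share" in /*) ;; *) echo "share must be an absolute path" >&2; return 1 ;; esac
  case "$target" in /*) ;; *) echo "target must be an absolute path" >&2; return 1 ;; esac
  # NFS options may hold commas and '=' (vers=4,soft); nothing else is allowed.
  case "$opts" in
    *[!A-Za-z0-9._:/=,-]*) echo "invalid NFS options: $opts" >&2; return 1 ;;
  esac
  # Only the o= field contains commas, so only it is CSV-quoted.
  printf 'type=volume,volume-driver=local,src=%s,dst=%s,' "$vol" "$target"
  printf 'volume-opt=type=nfs,volume-opt=device=:%s,' "$share"
  printf '"volume-opt=o=addr=%s%s"\n' "$server" "${opts:+,$opts}"
}

# Constructed sample values (same shape as the answer's variables).
# The command is printed, not executed, so this runs without Docker.
if spec=$(nfs_mount_spec mynfs my.nfs.server.com /my/server/path /mnt/mynfs vers=4,soft); then
  printf "docker run --rm --mount '%s' busybox ls /mnt/mynfs\n" "$spec"
fi
```

Because the volume is mounted by the daemon's local driver, the container itself is started without `--privileged` or `--cap-add sys_admin`.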