Docker, mount volumes as readonly

docker-compose

Here is a proper way to specify read-only volume in docker-compose:

Long syntax

version: "3.2" # Use version 3.2 or above
services:
  my_service:
    image: my:image
    volumes:
      - type: volume
        source: volume-name
        target: /path/in/container
        read_only: true
volumes:
  volume-name:

https://docs.docker.com/compose/compose-file/compose-file-v3/#long-syntax-3

Short syntax

Add :ro to the volume mount definition:

version: "3.0" # Use version 3.0 or above
services:
  my_service:
    image: my:image
    volumes:
      - /path/on/host:/path/inside/container:ro

https://docs.docker.com/compose/compose-file/compose-file-v3/#short-syntax-3


You can specify that a volume should be read-only by appending :ro to the -v switch:

docker run -v volume-name:/path/in/container:ro my/image

Note that the folder is then read-only in the container and read-write on the host.

2018 Edit

According to the Use volumes documentation, there is now another way to mount volumes by using the --mount switch. Here is how to utilize that with read-only:

$ docker run --mount source=volume-name,destination=/path/in/container,readonly my/image

docker-compose

Here is an example on how to specify read-only containers in docker-compose:

version: "3"
services:
  redis:
    image: redis:alpine
    read_only: true