Mount SMB/CIFS share within a Docker container
Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged
flag with docker run
to disable these security measures.
Further, you can combine --cap-add
and --cap-drop
to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN
capability is the one that grants mount privileges.
- yes
- There is a closed issue mount.cifs within a container
https://github.com/docker/docker/issues/22197
according to which adding
--cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH
to the run options will make mount -t cifs operational.
I tried it out and:
mount -t cifs //<host>/<path> /<localpath> -o user=<user>,password=<user>
within the container then works
You could use the smbclient
command (part of the Samba package) to access the SMB/CIFS server from within the Docker container without mounting it, in the same way that you might use curl
to download or upload a file.
There is a question on StackExchange Unix that deals with this, but in short:
smbclient //server/share -c 'cd /path/to/file; put myfile'
For multiple files there is the -T
option which can create or extract .tar
archives, however this looks like it would be a two step process (one to create the .tar
and then another to extract it locally). I'm not sure whether you could use a pipe to do it in one step.