by general_failure 4054 days ago
I have never managed to get the read-only container to work.

/var/run needs to be writable. /tmp needs to be writable and so on. I gave it a shot again today:

    $ docker run --read-only=true -ti ubuntu:14.10 touch /tmp/foo
    touch: cannot touch '/tmp/foo': Read-only file system

How is this supposed to work? There is little to no information on how this feature works. Can you give me a pointer?

In addition, restart:on-failure appears to have issues if docker itself crashes.

1 comment

Once inside the container, you need to mount a tmpfs at /tmp, and another one at /run (which /var/run usually links to).

E.g.:

    mount -t tmpfs -o size=256M tmpfs /tmp

(I'm not sure if/how you can make Docker do this automatically. I'd imagine there's a flag or something.)

You could use the CMD keyword in the Dockerfile to ensure that that's run every time the container is started.
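A way to verify the layout the reply describes (read-only root, writable tmpfs only at /tmp and /run), added here as an example that is not part of this thread: a POSIX shell/awk audit of a container's /proc/self/mountinfo, run over a constructed sample table. The function name audit_mounts and the allowlist of writable mount points are my own choices, not Docker's.

```shell
#!/bin/sh
# Audit a container's mount table for the "read-only root + tmpfs scratch" layout.
# Input is /proc/self/mountinfo format:
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts
# Usage: audit_mounts <mountinfo-file> [allowed-writable-mountpoint ...]
# Prints one line per mount of interest; exit 0 if the layout holds, 1 otherwise.
audit_mounts() {
    _file=$1; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1; bad = 0 }
        {
            for (s = 7; s <= NF && $s != "-"; s++) { }   # find the "-" separator
            mp = $5; fstype = $(s + 1)
            split($6, o, ","); rw = (o[1] == "rw")        # first option is always rw or ro
            if (mp == "/") {
                if (rw) { print "FAIL / is writable (" fstype ")"; bad = 1 }
                else      print "ok   / is read-only (" fstype ")"
                next
            }
            if (!rw) next
            # kernel pseudo-filesystems hold no persistent state; skip them
            if (fstype ~ /^(proc|sysfs|cgroup2?|mqueue|devpts)$/) next
            if (ok[mp] && fstype == "tmpfs") print "ok   " mp " is a writable tmpfs"
            else { print "FAIL unexpected writable mount " mp " (" fstype ")"; bad = 1 }
        }
        END { exit bad }
    ' "$_file"
}

# Constructed sample (not captured from a real host): a read-only root with tmpfs on
# /tmp and /run, plus one stray writable ext4 bind mount that the audit should flag.
sample_mountinfo() {
    cat <<'EOF'
100 99 0:45 / / ro,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
101 100 0:46 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 100 0:47 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
103 100 0:48 / /tmp rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=262144k
104 100 0:49 / /run rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=65536k
105 100 8:1 /srv/app/data /data rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
EOF
}

tmp=$(mktemp); sample_mountinfo > "$tmp"
if audit_mounts "$tmp" /tmp /run /dev; then echo "layout ok"; else echo "layout check FAILED"; fi
rm -f "$tmp"
```

Inside a real container, run `audit_mounts /proc/self/mountinfo /tmp /run /dev /dev/shm`; later Docker releases added a `--tmpfs` flag to `docker run` that sets these mounts up without a `mount` call in CMD.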