moby: Shared subtrees not working under Debian
I’m having issues getting the new --volume /mnt/shared:/shared:shared feature of 1.10 working (from #17034).
root@testhost:~# uname -a
Linux testhost 3.18.5-031805-generic #201501292218 SMP Fri Jan 30 03:19:17 UTC 2015 x86_64 GNU/Linux
root@testhost:~# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 9
Server Version: 1.10.0-dev
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
Volume: local
Network: host bridge null
Kernel Version: 3.18.5-031805-generic
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 1.899 GiB
Name: loxflix
ID: RNAT:QYNF:66KE:DSN5:NRPC:ITAA:6G3M:WMR2:JABB:CPGO:ZN7O:FAVU
Debug mode (server): true
File Descriptors: 13
Goroutines: 31
System Time: 2016-01-24T08:45:00.139001319Z
EventsListeners: 0
Init SHA1: b84242d186971c8111d1f9de77b7c476bc049614
Init Path: /usr/lib/docker/dockerinit
Docker Root Dir: /var/lib/docker
Labels:
provider=generic
Experimental: true
root@testhost:~# findmnt -o TARGET,PROPAGATION /mnt/testhost
TARGET PROPAGATION
/mnt/shared shared
root@testhost:~# docker run --rm -it --volume /mnt/shared:/data:shared ubuntu:14.04
docker: Error response from daemon: Cannot start container 6859ea4fc2f23130da7e72f301c9a82528c6e78e406b6f68261d000410ad6960: Path /mnt/shared is mounted on /mnt/shared but it is not a shared mount..
I had this working under ubuntu. One of the key differences I noted was that mount indicated that the mount /shared had -o bind where as under debian, it doesn’t seem to.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 31 (19 by maintainers)
Commits related to this issue
- Work around docker/docker#19625 — committed to kubernetes-retired/kubernetes-anywhere by errordeveloper 8 years ago
- Fix link to docker/docker#19625 — committed to kubernetes-retired/kubernetes-anywhere by errordeveloper 8 years ago
- Unset MountFlags in docker.service systemd directives Required to allow bind propegation options to be set on individual bind-mounts. See https://github.com/moby/moby/issues/19625. Also https://acce... — committed to openstack/puppet-tripleo by olliewalsh 7 years ago
- Unset MountFlags in docker.service systemd directives Required to allow bind propegation options to be set on individual bind-mounts. See https://github.com/moby/moby/issues/19625. Also https://acce... — committed to openstack/puppet-tripleo by olliewalsh 7 years ago
You can override the MountFlags value in the default unit with a systemd drop-in directory. e.g.:
so you don’t have to modify the default unit, which might get reset during a docker upgrade.
If anybody runs into this later, here are a few useful commands.
(In my case, one had been installed into
/etcbut I was still editing the system-wide one in/lib)Make sure that
MountFlagsissharedor absent from the unit fileMake sure that your unit file doesn’t enable PrivateTmp=, PrivateDevices=, ProtectSystem=, ProtectHome=, ReadOnlyDirectories=, InaccessibleDirectories= or ReadWriteDirectories= (because those will automatically switch the
MountFlagstoslave). See systemd docs.Check the status of your mounts in the namespace of the Engine itself:
(This allowed me to confirm that it was set to
private,slaveinstead ofshared)(This allowed me to confirm that the Engine was in its own namespace.)
I hope this helps!
Consider this example:
This should work. If it’s not working, I’d suspect something about the mount that is actually at /mnt/shared?
@lox The dir being shared needs to be flagged as shared as well (or it’s parent needs to be shared).