
I have a need to make all folders in the directory read only/read-only/readonly (via volumes) except one specific one

```
# All read-only
/opt/users_project:/opt/users_project:ro
# except myuser folder
/opt/users_project/myuser:/opt/users_project/myuser
```

How to do it?

P.S.: No, there is NO answer there (Docker, mount volumes as readonly)!

Avraam
  • https://stackoverflow.com/questions/19158810/docker-mount-volumes-as-readonly – Mr. Dec 27 '21 at 15:54
  • @Mr. Unfortunately, I don't see an exception folder substitution form there( – Avraam Dec 27 '21 at 15:59
  • What are in these directories? Could you `COPY` the `users_project` directory in your Dockerfile, make it owned by root, but then switch `USER` to a non-root user? That would in effect make the code read-only, and let you bind-mount a writeable data directory. – David Maze Dec 27 '21 at 17:43
  • You seem to have already answered it in your question. Can you show the commands you've tried running and errors you are seeing. Make sure it's a [mcve]. – BMitch Dec 27 '21 at 20:40
  • No, there is NO answer there (https://stackoverflow.com/questions/19158810/docker-mount-volumes-as-readonly)! Please remove the duplicate die from here. – Avraam Jan 03 '22 at 14:51

1 Answer


Simply bind-mount the directories with the desired settings:

```
docker run -v /opt/users_project/:/opt/users_project/:ro -v /opt/users_project/myuser/:/opt/users_project/myuser/:rw your_image
```

This will first bind-mount `/opt/users_project/` and all contained directories read-only into the container. On top of that, `/opt/users_project/myuser/` is bind-mounted read-write, allowing the container to change files in that directory only.

docker will automatically consider nested volumes and always mount the parent volumes first. With docker-compose it works analogously.

acran
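To confirm from inside the container that the nested layout took effect, the script below (an added example, not part of the answer above) resolves which mount governs a given path and whether that mount is `ro` or `rw`. The function name `effective_mount` is hypothetical, and the embedded mountinfo lines are a constructed sample of what `/proc/self/mountinfo` could look like for the two bind mounts.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo as seen inside the container
# (mount IDs, device numbers and filesystem types are made up).
SAMPLE_MOUNTINFO='1200 1100 0:60 / / rw,relatime - overlay overlay rw
1210 1200 8:1 /opt/users_project /opt/users_project ro,relatime - ext4 /dev/sda1 rw
1211 1210 8:1 /opt/users_project/myuser /opt/users_project/myuser rw,relatime - ext4 /dev/sda1 rw'

# effective_mount PATH [MOUNTINFO_FILE]   (hypothetical helper)
# Prints "<mount point> <ro|rw>" for the mount that governs PATH: the longest
# mount point that is PATH itself or a parent directory of it. Reads the
# constructed sample when no file is given. Octal escapes such as \040 in
# mount points are not decoded.
effective_mount() {
    path=$1
    if [ -n "${2:-}" ]; then
        data=$(cat "$2")
    else
        data=$SAMPLE_MOUNTINFO
    fi
    printf '%s\n' "$data" | awk -v p="$path" '
        {
            mp = $5                      # field 5: mount point
            # Match whole path components so that .../myuser2 is not
            # treated as being below .../myuser.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount stacked on the same point win.
                if (length(mp) >= length(best)) {
                    best = mp
                    split($6, o, ",")    # field 6: per-mount options
                    mode = "rw"
                    for (i in o) if (o[i] == "ro") mode = "ro"
                }
            }
        }
        END { if (best != "") print best, mode; else exit 1 }'
}

# Demo on the constructed sample.
for p in /opt/users_project/other/file /opt/users_project/myuser/file; do
    printf '%s -> %s\n' "$p" "$(effective_mount "$p")"
done
```

Inside a running container, pass the real file as the second argument: `effective_mount /opt/users_project/myuser /proc/self/mountinfo`.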