2 years ago

#42524


Kwoq

Docker mounts /etc/hosts files from host system to container

I have run into the following problem. I need to limit the disk space inside the container. At the moment, I have started using the "--storage-opt size=4G" option to limit disk space, but when I then execute the "df -h" command in the container, I see that the hosts file is mounted from the host system and has a full amount of disk space that is not equal to the space allocated by the "--storage-opt size=4G" option.

    root@b74761f5e0bf:/# df -h
    Filesystem      Size  Used Avail Use% Mounted on
    overlay         4.0G   16K  4.0G   1% /
    tmpfs            64M     0   64M   0% /dev
    tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
    shm              64M     0   64M   0% /dev/shm
    /dev/sdb1        16G  447M   16G   3% /etc/hosts
    tmpfs           2.0G     0  2.0G   0% /proc/acpi
    tmpfs           2.0G     0  2.0G   0% /proc/scsi
    tmpfs           2.0G     0  2.0G   0% /sys/firmware

The problem is that when I start writing to the hosts file, I have the opportunity to fill 100% of the disk space of the host system.

For example:

cat /dev/urandom > /etc/hosts

Result of the executed command

    root@b74761f5e0bf:/# cat /dev/urandom > /etc/hosts
    cat: write error: No space left on device
    root@b74761f5e0bf:/# df -h
    Filesystem      Size  Used Avail Use% Mounted on
    overlay         4.0G   20K  4.0G   1% /
    tmpfs            64M     0   64M   0% /dev
    tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
    shm              64M     0   64M   0% /dev/shm
    /dev/sdb1        16G   16G   84K 100% /etc/hosts
    tmpfs           2.0G     0  2.0G   0% /proc/acpi
    tmpfs           2.0G     0  2.0G   0% /proc/scsi
    tmpfs           2.0G     0  2.0G   0% /sys/firmware

I noticed that when I do not docker

# docker inspect container_name

output:

        "ResolvConfPath": "/mnt/docker/containers/b74761f5e0bf334d9e1c77f1423a57272dede65bb5ab37ca81e91c645f3096ff/resolv.conf",
        "HostnamePath": "/mnt/docker/containers/b74761f5e0bf334d9e1c77f1423a57272dede65bb5ab37ca81e91c645f3096ff/hostname",
        "HostsPath": "/mnt/docker/containers/b74761f5e0bf334d9e1c77f1423a57272dede65bb5ab37ca81e91c645f3096ff/hosts",

I see the fields ResolvConfPath, HostnamePath and HostsPath, which are responsible for this mounting. But I can't find solutions on how to avoid this mounting in the documentation or in similar questions. Does anyone know how I can manage this mount to avoid the described problem?

An option that I can use quickly, but which does not suit me, is to mount my hosts file from the host system and set it to read-only mode.

System information:

  • Docker version 20.10.12, build e91ed57
  • Ubuntu 20.04.3 LTS (Focal Fossa)
  • File system type: xfs

docker

volume

hosts
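An added example, not part of the original question: a Python script that parses `/proc/self/mountinfo` inside a container and lists the writable, disk-backed mounts whose device differs from the overlay root, which is where writes escape the `--storage-opt size=` limit as the `df -h` output above shows for `/etc/hosts`. The sample mount table, its device numbers and the `CONTAINER_ID` path component are constructed for illustration.

```python
import sys

# Memory-backed or kernel pseudo filesystems: writes to them never reach the host disk.
PSEUDO_FS = {"proc", "sysfs", "tmpfs", "devtmpfs", "devpts", "mqueue",
             "cgroup", "cgroup2", "securityfs", "debugfs", "tracefs"}

# Constructed sample of /proc/self/mountinfo for a container like the one in the question.
# Device numbers, mount IDs and the CONTAINER_ID path component are placeholders.
SAMPLE_MOUNTINFO = """\
658 521 0:52 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
659 658 0:55 / /proc rw,nosuid,nodev,noexec - proc proc rw
660 658 0:56 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k
661 660 0:57 / /dev/shm rw,nosuid,nodev,noexec - tmpfs shm rw,size=65536k
662 658 8:17 /docker/containers/CONTAINER_ID/resolv.conf /etc/resolv.conf rw,relatime - xfs /dev/sdb1 rw
663 658 8:17 /docker/containers/CONTAINER_ID/hostname /etc/hostname rw,relatime - xfs /dev/sdb1 rw
664 658 8:17 /docker/containers/CONTAINER_ID/hosts /etc/hosts rw,relatime - xfs /dev/sdb1 rw
665 659 0:58 / /proc/acpi ro,relatime - tmpfs tmpfs ro
"""


def parse_mountinfo(text):
    """Yield one dict per mount; field layout as documented in proc(5)."""
    for line in text.splitlines():
        if " - " not in line:
            continue  # blank or malformed line
        left, _, right = line.partition(" - ")  # optional fields end at " - "
        pre, post = left.split(), right.split()
        yield {"dev": pre[2], "mount_point": pre[4],
               "options": set(pre[5].split(",")),
               "fstype": post[0], "source": post[1]}


def quota_bypass_mounts(text):
    """Writable, disk-backed mounts on a different device than the root filesystem."""
    mounts = list(parse_mountinfo(text))
    root_dev = next(m["dev"] for m in mounts if m["mount_point"] == "/")
    return [(m["mount_point"], m["source"], m["fstype"]) for m in mounts
            if m["dev"] != root_dev
            and m["fstype"] not in PSEUDO_FS
            and "rw" in m["options"]]


if __name__ == "__main__":
    # Inside a container: python3 this_script.py /proc/self/mountinfo
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTINFO
    for mount_point, source, fstype in quota_bypass_mounts(text):
        print(f"{mount_point}: writable, backed by {source} ({fstype}), outside the rootfs quota")
```

With the read-only mount mentioned in the question, the `/etc/hosts` entry carries `ro` in its mount options and drops out of the list.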

0 Answers
