root@ubuntu:/home/ubuntu# docker run --rm -it --name broken-container --mount type=bind,source=/tmp,target=/usr nginx:latest
/docker-entrypoint.sh: No files found in /docker-entrypoint.d/, skipping configuration
/docker-entrypoint.sh: 38: exec: nginx: not found
root@ubuntu:/home/ubuntu# docker run --rm -it --name broken-container --mount type=bind,source=/tmp,target=/tmp nginx:latest
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
root@ubuntu:/home/ubuntu# docker run --rm -it --name broken-container --mount type=bind,source=/tmp,target=/usr alpine sh
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
5f621e34cdf4: Pull complete
Digest: sha256:c0e9560cda118f9ec63ddefb4a173a2b2a0347082d7dff7dc14272e7841a5b5a
Status: Downloaded newer image for alpine:latest
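Use a read-only bind mount. Bind mounts are writable from inside the container by default, so add `readonly` when the container only needs to read the host directory: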
$ docker run -d -it --name devtest --mount type=bind,source="$(pwd)"/target,target=/app,readonly nginx:latest
root@ubuntu:/usr/share/kata-containers# mount | grep 15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696
tmpfs on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared type tmpfs (ro,relatime,size=26334908k,mode=755)
overlay on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/rootfs type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/L44XBQKKNZZ7M2TPWP7NZNAFIK:/var/lib/docker/overlay2/l/BFAGWXMXDMQ33SNPOSICGMNUJX,upperdir=/var/lib/docker/overlay2/c4f6fc8b65414b2e860721d01512c63f9f7dbf6990797290140b59097924dec0/diff,workdir=/var/lib/docker/overlay2/c4f6fc8b65414b2e860721d01512c63f9f7dbf6990797290140b59097924dec0/work,xino=off)
overlay on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/rootfs type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/L44XBQKKNZZ7M2TPWP7NZNAFIK:/var/lib/docker/overlay2/l/BFAGWXMXDMQ33SNPOSICGMNUJX,upperdir=/var/lib/docker/overlay2/c4f6fc8b65414b2e860721d01512c63f9f7dbf6990797290140b59097924dec0/diff,workdir=/var/lib/docker/overlay2/c4f6fc8b65414b2e860721d01512c63f9f7dbf6990797290140b59097924dec0/work,xino=off)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-4aa5890c17a67752-usr type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-4aa5890c17a67752-usr type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-b7513c7bac125552-resolv.conf type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-b7513c7bac125552-resolv.conf type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-d5e8b883d92b3488-hostname type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-d5e8b883d92b3488-hostname type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-9716e74573d73345-hosts type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-9716e74573d73345-hosts type ext4 (rw,relatime,errors=remount-ro,stripe=64)
root@ubuntu:/usr/share/kata-containers# mount | grep 15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696 | grep usr
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/mounts/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-4aa5890c17a67752-usr type ext4 (rw,relatime,errors=remount-ro,stripe=64)
/dev/sdc3 on /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-4aa5890c17a67752-usr type ext4 (rw,relatime,errors=remount-ro,stripe=64)
root@ubuntu:/usr/share/kata-containers# ls /run/kata-containers/shared/sandboxes/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696/shared/15480e1bb5fd44b5bf78aed8ab6d0ea2c6c8af866310a83a53d74d7ebe28f696-4aa5890c17a67752-usr
10-kubeadm.conf aarch64-linux-musl-native.tgz api.tar controller.tar coredns.tar crictl.ERROR crictl.INFO crictl.ubuntu.root.log.ERROR.20201013-171458.44256 crictl.ubuntu.root.log.INFO.20201013-171444.44219 crictl.ubuntu.root.log.INFO.20201013-171458.44256 crictl.ubuntu.root.log.INFO.20201016-101429.52684 crictl.ubuntu.root.log.INFO.20201016-120707.59776 crictl.ubuntu.root.log.INFO.20201017-100935.32903 crictl.ubuntu.root.log.INFO.20201017-104330.43016 crictl.ubuntu.root.log.WARNING.20201013-171444.44219 crictl.ubuntu.root.log.WARNING.20201013-171458.44256 crictl.ubuntu.root.log.WARNING.20201016-101429.52684 crictl.ubuntu.root.log.WARNING.20201016-120707.59776 crictl.ubuntu.root.log.WARNING.20201017-100935.32903 crictl.ubuntu.root.log.WARNING.20201017-104330.43016
root@ubuntu:/home/ubuntu# docker run -d -it --runtime=kata-runtime -v /root/rootfs/:/containerdir nginx:latest
79e86909d57786b0cf015b73b08dd36fc624eee078c08a1913483136157424e2
root@ubuntu:/home/ubuntu#
https://github.com/kata-containers/runtime/issues/808
在 host 上执行 bind mount(挂载点位于通过 -v 映射进容器的 /root/rootfs 目录下):
root@ubuntu:/home/ubuntu# ls test/
bb.log b.txt x.txt
root@ubuntu:/home/ubuntu# mkdir -p /root/rootfs/mnt_test
root@ubuntu:/home/ubuntu# mount -o bind test /root/rootfs/mnt_test
root@ubuntu:/home/ubuntu#
root@79e86909d577:/# ls containerdir/
mnt_test my vmlinux.bin xenial.rootfs.ext4
root@79e86909d577:/# ls containerdir/mnt_test/
b.txt bb.log x.txt
root@79e86909d577:/#