Docker, mount volumes as readonly

I am working with Docker, and I want to mount a dynamic folder that changes a lot (so I do not have to make dockers for each one's execution, which would be too costly), but I want that folder to be readonly. Changing the folder owners to someone else works; however, chown requires root access, which I would not prefer to expose to an application.

When I use the -v flag to mount, it gives whatever username I give. I created a non-root user inside the docker image; however, all the files in the volume with the owner as the user that ran docker change into the user I give from the command line, so I cannot make readonly files and folders. How can I prevent this?

  • I also added mustafa ALL=(docker) NOPASSWD: /usr/bin/docker, so I could change to another user via terminal, but still the files have permissions for my user.

  • One solution collected from the web for “Docker, mount volumes as readonly”

    You can specify that a volume should be read-only by appending :ro to the -v switch:

    docker run -v /path/on/host:/path/on/container:ro my/image
    

    Note that the folder is then read-only in the container and read-write on the host.
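
To confirm that the :ro suffix from the answer took effect on a running container, this added example (not part of the original answer) parses `docker inspect` output and reports bind mounts that are still writable from inside the container. The sample JSON, its paths and container name, and the function names are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields used here. Paths and names are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/worker",
  "Config": {"User": "1000:1000"},
  "Mounts": [
    {"Type": "bind", "Source": "/srv/jobs/input", "Destination": "/data/in",
     "Mode": "ro", "RW": false},
    {"Type": "bind", "Source": "/srv/jobs/scratch", "Destination": "/data/tmp",
     "Mode": "", "RW": true},
    {"Type": "volume", "Name": "cache",
     "Source": "/var/lib/docker/volumes/cache/_data",
     "Destination": "/cache", "Mode": "z", "RW": true}
  ]
}]
""")


def writable_bind_mounts(inspect_doc, allow=()):
    """Return (container, source, destination) for every bind mount the
    container can write to, except destinations listed in `allow`."""
    findings = []
    for container in inspect_doc:
        name = container.get("Name", "?").lstrip("/")
        for m in container.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # named volumes live under Docker's own storage
            # RW is the effective flag; Mode only echoes the -v option string.
            if m.get("RW", True) and m.get("Destination") not in allow:
                findings.append((name, m.get("Source"), m.get("Destination")))
    return findings


def runs_as_root(container):
    """True when no user was configured or uid 0 / 'root' was requested."""
    user = (container.get("Config", {}).get("User") or "").split(":")[0]
    return user in ("", "0", "root")


if __name__ == "__main__":
    for name, src, dst in writable_bind_mounts(SAMPLE_INSPECT):
        print(f"{name}: {src} -> {dst} is writable from inside the container")
    print("runs as root:", runs_as_root(SAMPLE_INSPECT[0]))
```

On a real host, feed it the output of `docker inspect` for the containers of interest instead of the constructed sample.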
