Docker - Run mount shared command when starting container

Hi, I’m having an issue with Docker as I’m not getting a shared folder.

I found a workaround after the container is started by running

lxc exec mycontainer -- mount --make-shared /

But after a container restart this is lost and I need to run it again. I tried adding lxc.hook.mount to execute a command or a shell script, without success.

Can you point me in the right direction?

I’m adding these two profiles when starting the container.

name: rke-main
config:
  boot.autostart: "true"
  linux.kernel_modules: br_netfilter,ip6_udp_tunnel,ip_set,ip_set_hash_ip,ip_set_hash_net,iptable_filter,iptable_nat,iptable_mangle,iptable_raw,nf_conntrack_netlink,nf_conntrack,nf_conntrack_ipv4,nf_defrag_ipv4,nf_nat,nf_nat_ipv4,nf_nat_masquerade_ipv4,nfnetlink,udp_tunnel,veth,vxlan,x_tables,xt_addrtype,xt_conntrack,xt_comment,xt_mark,xt_multiport,xt_nat,xt_recent,xt_set,xt_statistic,xt_tcpudp
  raw.lxc: |
    lxc.apparmor.profile=unconfined
    lxc.mount.auto=proc:rw sys:rw cgroup:rw
    lxc.cgroup.devices.allow=a
    lxc.cap.drop=
  security.nesting: "true"
  security.privileged: "true"
  limits.cpu: 2
  limits.cpu.allowance: 50ms/100ms
  limits.memory: 4GB
  limits.memory.swap: "false"
description: "RKE controlplane"
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
  aadisable:
    path: /sys/module/nf_conntrack/parameters/hashsize
    source: /sys/module/nf_conntrack/parameters/hashsize
    type: disk
  aadisable1:
    path: /sys/module/apparmor/parameters/enabled
    source: /dev/null
    type: disk
  aadisable2:
    path: /dev/kmsg
    source: /dev/kmsg
    type: disk
  aadisable3:
    path: /sys/fs/bpf
    source: /sys/fs/bpf
    type: disk

name: docker
config:
  linux.kernel_modules: overlay,aufs
  raw.lxc: |-
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"

I’m running this to install Docker

lxc exec mycontainer -- bash -c 'curl https://releases.rancher.com/install-docker/19.03.sh | sh'
lxc exec mycontainer -- sudo usermod -aG docker dockeruser
lxc exec mycontainer -- systemctl daemon-reload
lxc exec mycontainer -- systemctl restart docker.service

Inside the container, to test if the shared folder is working:

docker run -it -v /mnt:/mnt:shared busybox sh -c /bin/date

Setting mountFlags doesn’t work either.

systemctl show docker.service | grep MountFlags
MountFlags=shared
systemctl show containerd.service | grep MountFlags
MountFlags=shared