Mount SMB/CIFS share within a Docker container

Solution 1:

Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged flag with docker run to disable these security measures.

Further, you can combine --cap-add and --cap-drop to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN capability is the one that grants mount privileges.

Solution 2:

1. yes
2. There is a closed issue mount.cifs within a container

https://github.com/docker/docker/issues/22197

according to which adding

--cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH

to the run options will make mount -t cifs operational.

I tried it out and:

mount -t cifs //<host>/<path> /<localpath> -o user=<user>,password=<user>

within the container then works

Solution 3:

You could use the smbclient command (part of the Samba package) to access the SMB/CIFS server from within the Docker container without mounting it, in the same way that you might use curl to download or upload a file.

There is a question on StackExchange Unix that deals with this, but in short:

smbclient //server/share -c 'cd /path/to/file; put myfile'

For multiple files there is the -T option which can create or extract .tar archives, however this looks like it would be a two step process (one to create the .tar and then another to extract it locally). I'm not sure whether you could use a pipe to do it in one step.

Solution 4:

You can use a Netshare docker volume plugin which allows to mount remote CIFS/Samba as volumes.