Is it possible to mount an ISO inside a docker con

Posted 2020-05-19 08:39

I am using a docker container (based on the official centos:6.4 image) to build an ISO which I then need to mount and verify. I am unable to mount the ISO using:

sudo mount -o loop /path/to/iso /mnt

Gives:

mount: Could not find any loop device. Maybe this kernel does not know
   about the loop device? (If so, recompile or `modprobe loop'.)

It looks like the kernel has been compiled without loop device support. Is it possible to build docker images which support loop devices? I couldn't find any information on this, however, looking at this thread it seems that this may be an ongoing topic.

I wonder if there is a way to circumvent this limitation?

2 answers
做个烂人
Post #2 · 2020-05-19 09:06

To mount an ISO inside a container, you need two things:

  • access to loop devices,
  • permission to mount filesystems.

By default, Docker locks down both things; that's why you get that error message.

The easiest solution is to start the container in privileged mode:

docker run --privileged ...

A more fine-grained solution is to dive down into the devices cgroup and container capabilities to give the required permissions.

Note that you cannot execute privileged operations as part of a Dockerfile; i.e. if you need to mount that ISO in a Dockerfile, you won't be able to do it.

However, I recommend that you have a look at Xorriso and specifically the osirrox tool, which lets you extract files from ISO images just like you would extract a tar file, without requiring any kind of special access, e.g.:

osirrox -indev /path/to/iso -extract / /full-iso-contents
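A preflight for the two prerequisites the answer above names (access to loop devices and permission to mount), as an added example that is not part of the original answer. It reads the container's effective capability mask and falls back to the osirrox extraction when a loop mount is not allowed; the function names are hypothetical, and bit 21 is CAP_SYS_ADMIN in linux/capability.h.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run inside the container.
CAP_SYS_ADMIN=21   # bit number in linux/capability.h; mount(2) needs it

# has_cap HEXMASK BIT: succeeds if that capability bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff [STATUS_FILE]: print the effective capability mask (hex)
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# first_loop_dev [DEV_DIR]: print the first loop block device node, or fail
first_loop_dev() {
    for d in "${1:-/dev}"/loop[0-9]*; do
        [ -b "$d" ] && { printf '%s\n' "$d"; return 0; }
    done
    return 1
}

# iso_plan HEXMASK [DEV_DIR]: print "mount" only if both prerequisites hold
iso_plan() {
    if has_cap "$1" "$CAP_SYS_ADMIN" && first_loop_dev "${2:-/dev}" >/dev/null
    then echo mount
    else echo extract
    fi
}

# verify_iso ISO DEST: read-only loop mount when allowed, else unprivileged
# extraction with osirrox (also used if the mount attempt is refused)
verify_iso() {
    if [ "$(iso_plan "$(cap_eff)")" = mount ] &&
       mount -o loop,ro "$1" "$2" 2>/dev/null
    then echo "mounted $1 on $2"
    else osirrox -indev "$1" -extract / "$2"
    fi
}
```

CAP_SYS_ADMIN is necessary but not sufficient: an AppArmor or seccomp policy on the host can still deny the mount, which is why `verify_iso` keeps the extraction as its fallback.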
干净又极端
Post #3 · 2020-05-19 09:13

I have a feeling this is not a good way to solve my issue, but this is what I have done for the time being, until a more sane idea presents itself.

My container starts into bash; from this shell I am able to add loop devices using:

# mknod /dev/loop0 -m0660 b 7 0
# mknod /dev/loop1 -m0660 b 7 1
...
# mknod /dev/loop9 -m0660 b 7 9

and now, I have loop devices available, so I am able to mount an ISO. However, I noticed that the first available loop device for me was /dev/loop2:

bash-4.1# losetup -f
/dev/loop2

This implies that loop0 and loop1 are already in use; this is confirmed by:

bash-4.1# losetup -a
/dev/loop0: [fd00]:1978974 (/dev/loop0)
/dev/loop1: [fd00]:1978975 (/dev/loop1)
/dev/loop2: [fd00]:2369514 (/path/to/my/iso)

and, this is why I think this solution is bad, from outside the container:

12:36:02 $ losetup -a
/dev/loop0: []: (/var/lib/docker/devicemapper/devicemapper/data)
/dev/loop1: []: (/var/lib/docker/devicemapper/devicemapper/metadata)
/dev/loop2: []: (/path/to/my/iso)

So it looks like the first 2 loop devices I created in the container mapped to loop0 and loop1 outside of the container, which is why they were not available for use. I guess there must be a way of setting up these devices with devicemapper (which is being used by docker, by the looks) but I've not been able to turn up much info on this.

For the time being, this solution will be okay for me - I'll just have to be careful to remember to umount the image when I'm finished with it.

I'm aware that this is far from a sane solution, so if anyone else can come up with a better plan I'm all ears.
