
Docker-compose: Mounting a tmpfs usable by non-root user


I'm creating docker images that will later be used on a Kubernetes with tight settings:

  1. read-only file system
  2. non-root USER

For test purposes I can emulate 1) with a read_only: true in the docker-compose config. I then have to add some directories for places with write activity, such as /run and /var. But if I try to use a tmpfs as shown here the directory is owned by root:

    drwxr-xr-x 2 root root 40 Nov 27 11:05 /var

Is there a secret option to make it drwxrwxrwx? Is there an alternative (besides plain disk directories)?

Running:


Solution

  • You can specify a tmpfs mode:

    docker run -d \
      -it \
      --name tmptest \
      --mount type=tmpfs,destination=/app,tmpfs-mode=1770 \
      nginx:latest
    

    https://docs.docker.com/storage/tmpfs/#specify-tmpfs-options


    With the older 2.x compose file syntax, you can specify it like:

    version: "2.4"
    services:
      my_app:
        image: my_app
        read_only: true
        restart: always
        tmpfs:
          - /run:mode=770,size=1k,uid=200,gid=10000
    

    https://github.com/docker/cli/issues/698#issuecomment-429688027


    For the 3.x syntax, with the long format volume definition, you'll want to follow this issue:

    https://github.com/docker/cli/issues/1285
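The point that trips people up with the options above is that `mode` alone is not enough: a tmpfs stays root-owned unless `uid`/`gid` are set, so `tmpfs-mode=1770` grants write access to root's group only, while a non-root `USER` still needs either matching `uid`/`gid` or a world-writable mode. The following is an added example (not code from the question, the answer, or Docker) that applies ordinary Unix permission rules to the 2.x short tmpfs syntax from the answer (`path:mode=...,uid=...,gid=...`) so a read-only, non-root service definition can be sanity-checked before it reaches a cluster. The function names and the `SAMPLE_SERVICE` dictionary are constructed for this example; it assumes a root-owned mount when `uid`/`gid` are absent and reports "unknown" when `mode` is absent or the `user` field is a name rather than numeric ids.

```python
"""Check whether a compose service's tmpfs mounts are writable by its non-root user.

Added example, not part of the original page or of Docker itself. It parses the
compose 2.x short tmpfs syntax shown in the answer and applies standard Unix
DAC rules (owner bits, then group bits, then other bits). Assumptions: a mount
without uid/gid options is owned by root (0:0); a mount without an explicit
mode cannot be judged offline and is reported as None.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class TmpfsMount:
    path: str
    mode: Optional[int]  # permission bits, e.g. 0o770; None when not specified
    uid: int = 0         # assumption: root-owned unless uid= is given
    gid: int = 0         # assumption: root group unless gid= is given


def parse_tmpfs(entry: str) -> TmpfsMount:
    """Parse 'path' or 'path:mode=770,size=1k,uid=200,gid=10000'."""
    path, _, opts = entry.partition(":")
    mount = TmpfsMount(path=path, mode=None)
    for opt in filter(None, opts.split(",")):
        key, _, value = opt.partition("=")
        if key == "mode":
            # Keep only rwx bits; sticky/setgid bits (e.g. the 1 in 1770) do not grant write
            mount.mode = int(value, 8) & 0o777
        elif key == "uid":
            mount.uid = int(value)
        elif key == "gid":
            mount.gid = int(value)
        # size=..., rw, noexec and similar flags do not change who may write
    return mount


def parse_user(user: str) -> Optional[Tuple[int, Optional[int]]]:
    """Parse the compose 'user' field; only numeric 'uid' or 'uid:gid' is resolvable offline."""
    uid_s, _, gid_s = user.partition(":")
    if not uid_s.isdigit() or (gid_s and not gid_s.isdigit()):
        return None  # names would need the image's /etc/passwd
    gid = int(gid_s) if gid_s else None  # unknown group: group bits are not counted
    return int(uid_s), gid


def writable_by(mount: TmpfsMount, uid: int, gid: Optional[int]) -> Optional[bool]:
    """Unix write check: owner bits if owner, else group bits if in group, else other bits."""
    if uid == 0:
        return True  # root bypasses discretionary access checks
    if mount.mode is None:
        return None  # mode not set explicitly: verify with ls -ld inside the container
    if uid == mount.uid:
        return bool(mount.mode & 0o200)
    if gid is not None and gid == mount.gid:
        return bool(mount.mode & 0o020)
    return bool(mount.mode & 0o002)


def audit_service(service: dict) -> Dict[str, Optional[bool]]:
    """Map each tmpfs path to True (writable), False (not writable) or None (undecidable)."""
    entries = service.get("tmpfs", [])
    ids = parse_user(str(service.get("user", "0")))
    if ids is None:
        return {parse_tmpfs(e).path: None for e in entries}
    uid, gid = ids
    return {m.path: writable_by(m, uid, gid) for m in map(parse_tmpfs, entries)}


# Constructed sample mirroring the compose 2.4 snippet in the answer, plus three
# extra mounts that show the cases a non-root USER runs into.
SAMPLE_SERVICE = {
    "image": "my_app",
    "read_only": True,
    "user": "200:10000",
    "tmpfs": [
        "/run:mode=770,size=1k,uid=200,gid=10000",  # owned by the service user: writable
        "/var:mode=1770",                            # root-owned, group root only: not writable
        "/tmp:mode=1777",                            # world-writable with sticky bit: writable
        "/cache",                                    # no mode given: cannot decide offline
    ],
}

if __name__ == "__main__":
    for path, ok in audit_service(SAMPLE_SERVICE).items():
        verdict = "writable" if ok else ("NOT writable" if ok is False else "unknown")
        print(f"{path}: {verdict}")
```

Running it with the sample reports `/run` writable, `/var` not writable (the `1770` mode without `uid`/`gid` is exactly the trap), `/tmp` writable and `/cache` unknown. For the unknown case, or whenever the image's `USER` is a name rather than a numeric id, confirm the effective ownership in the running container with `ls -ld` on the mount point rather than relying on the compose file alone.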