I created a container with a volume mount of /dev/xvda1:/dev/xvda1, but when I tried to mount it to a folder it didn't work:
root@ubuntu:/# docker run -v /dev/xvda1:/dev/xvda1 --cap-add=SYS_ADMIN --security-opt apparmor=unconfined --security-opt seccomp=unconfined --rm -it ubuntu bash
root@690798858fcf:/# mkdir /mnt0
root@690798858fcf:/# ls /dev
console core fd full mqueue null ptmx pts random shm stderr stdin stdout tty urandom xvda1 zero
root@690798858fcf:/# mount /dev/xvda1 /mnt0
mount: /mnt0: /dev/xvda1 already mounted on /etc/resolv.conf.
root@690798858fcf:/# umount /dev/xvda1
root@690798858fcf:/# mount /dev/xvda1 /mnt0
mount: /mnt0: /dev/xvda1 is not a block device; try "-o loop".
root@690798858fcf:/# mount -o loop /dev/xvda1 /mnt0
mount: /mnt0: mount failed: Operation not permitted.
If I create it with the --privileged flag it works:
root@ubuntu:/# docker run --privileged --cap-add=SYS_ADMIN --security-opt apparmor=unconfined --security-opt seccomp=unconfined --rm -it ubuntu bash
root@aa36dd8be903:/# mkdir /mnt0
root@aa36dd8be903:/# mount /dev/xvda1 /mnt0
root@aa36dd8be903:/#
Why is -v /dev/xvda1:/dev/xvda1 not enough?
Info about my system:
# ubuntu image
root@ubuntu:/# uname -r
5.4.0-1034-aws
root@ubuntu:/# docker -v
Docker version 20.10.7, build f0df350
My colleague found the solution.
Using a mount was incorrect. I needed to use the --device switch:
docker run --device=/dev/xvda1 --cap-add=SYS_ADMIN --security-opt apparmor=unconfined --security-opt seccomp=unconfined --rm -it ubuntu bash
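
Why the bind mount alone fails, as an added example that is not part of the original post: Docker confines a container with a device cgroup allowlist, and `-v` only bind-mounts the device node without adding a rule for it, while `--device` adds the rule and `--privileged` allows everything. The sketch assumes the cgroup v1 `devices.list` format; the rule lists and the 202:1 major:minor used for /dev/xvda1 are constructed sample values.

```shell
#!/bin/sh
# Evaluate a device against a cgroup v1 devices allowlist.
# Rule format: "<type> <major>:<minor> <access>"; type is a, b or c; "*" is a wildcard.

# dev_allowed LIST TYPE MAJOR MINOR ACCESS
# Returns 0 if a single rule in LIST grants every letter of ACCESS (r, w, m).
dev_allowed() {
    list=$1 want_type=$2 want_major=$3 want_minor=$4 want_access=$5
    while read -r type nums access; do
        [ -n "$type" ] || continue
        major=${nums%%:*}
        minor=${nums##*:}
        # type "a" covers both block and character devices
        [ "$type" = "a" ] || [ "$type" = "$want_type" ] || continue
        [ "$major" = "*" ] || [ "$major" = "$want_major" ] || continue
        [ "$minor" = "*" ] || [ "$minor" = "$want_minor" ] || continue
        missing=0
        for letter in r w m; do
            case $want_access in
                *"$letter"*) case $access in *"$letter"*) ;; *) missing=1 ;; esac ;;
            esac
        done
        [ "$missing" -eq 0 ] && return 0
    done <<EOF
$list
EOF
    return 1
}

# Constructed sample: a default-style allowlist (a few char devices, mknod-only wildcards).
DEFAULT_LIST='c 1:3 rwm
c 1:5 rwm
c 1:9 rwm
c 5:0 rwm
c 136:* rwm
b *:* m
c *:* m'
# Constructed sample: the same list plus the rule --device=/dev/xvda1 would add.
DEVICE_LIST="$DEFAULT_LIST
b 202:1 rwm"
# Constructed sample: the allow-all rule of a privileged container.
PRIVILEGED_LIST='a *:* rwm'

report() {  # report LABEL LIST
    if dev_allowed "$2" b 202 1 rw; then echo "$1: b 202:1 rw allowed"
    else echo "$1: b 202:1 rw denied"; fi
}
report "-v only" "$DEFAULT_LIST"
report "--device" "$DEVICE_LIST"
report "--privileged" "$PRIVILEGED_LIST"
```

On a cgroup v1 host the container's real allowlist can be read from /sys/fs/cgroup/devices/devices.list; `test -b /dev/xvda1` confirms whether the path is still a block device node.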