lundi 7 novembre 2016

WSL Docker: Mounts behaviour

Introduction

WSL and Docker client have been now around for quite some time. Crazy people like me, even got them working together.
Of course, the initial thought was to install the Docker daemon on WSL, and we very rapidly got to the conclusion that it was not possible right now.

Now, while doing some tests, I came to one situation that might be interesting/helpful to know: when mounting a path from WSL, actually what is being mounted is actually ... something else!

The Facts

Before I go into the demo, please remember "how" everything is being connected together.

Components:

  1. Docker daemon running inside MobyLinuxVM on Hyper-V
  2. Docker client running inside WSL on pProcess (port 2375 exported)
  3. Docker Proxy (1.12 beta) that actually manages the communication from the Docker Clients to the Docker Daemon(s)

Demo:

Ok, enough with the theory, here is the demo. I split it in 2 distinct containers.

Phase 1 - First Container


  1. [WSL] Create a directory and a file inside it
  2. [WSL] Run a new Ubuntu container with the directory mounted
  3. [Docker] List the content of the directory mounted
  4. [Docker] Create a file inside the mounted directory
  5. [Docker] Exit the container
Result: not really what we wanted to achieve. Let's jump into the next Phase

Phase 2 - Second Container


  1. [WSL] Run a new Ubuntu container with the directory mounted
  2. [Docker] List the content of the directory mounted
  3. [Docker] Exit the container
Result: surprise, actually the file created inside the first container is the one we see and resides inside the MobyLinuxVM

Conclusion

Actually, the really intelligent persons working @Docker, blocked the capabilities of the mounts (of course, SECURITY FIRST!)
So, if someone too curious tries to mount a system FS (i.e. root for fun), then here is what can be seen:

Hopefully, in the future, even WSL mounts will be possible.

>>> Nunix out <<<


Aucun commentaire:

Enregistrer un commentaire