Home Explore Blog CI



docker

3rd chunk of `content/manuals/engine/storage/tmpfs.md`
93a67c1dcb634e2c9cf80c18b11e596ecaffb19d8e9d15f10000000100000809
| `nodiratime` | Does not update directory access times when the directory is accessed.                      |
| `size`       | Specifies the size of the tmpfs mount, for example, `size=64m`.                             |
| `mode`       | Specifies the file mode (permissions) for the tmpfs mount (for example, `mode=1777`).       |
| `uid`        | Specifies the user ID for the owner of the tmpfs mount (for example, `uid=1000`).           |
| `gid`        | Specifies the group ID for the owner of the tmpfs mount (for example, `gid=1000`).          |
| `nr_inodes`  | Specifies the maximum number of inodes for the tmpfs mount (for example, `nr_inodes=400k`). |
| `nr_blocks`  | Specifies the maximum number of blocks for the tmpfs mount (for example, `nr_blocks=1024`). |

```console {title="Example"}
$ docker run --tmpfs /data:noexec,size=1024,mode=1777
```

Not all tmpfs mount features available in the Linux mount command are supported
with the `--tmpfs` flag. If you require advanced tmpfs options or features, you
may need to use a privileged container or configure the mount outside of
Docker.

> [!CAUTION]
> Running containers with `--privileged` grants elevated permissions and can
> expose the host system to security risks. Use this option only when
> absolutely necessary and in trusted environments.

```console
$ docker run --privileged -it debian sh
/# mount -t tmpfs -o <options> tmpfs /data
```

### Options for --mount

The `--mount` flag consists of multiple key-value pairs, separated by commas
and each consisting of a `<key>=<value>` tuple. The order of the keys isn't
significant.

```console
$ docker run --mount type=tmpfs,dst=<mount-path>[,<key>=<value>...]
```

Valid options for `--mount type=tmpfs` include:

| Option                         | Description                                                                                                            |
| :----------------------------- | :--------------------------------------------------------------------------------------------------------------------- |

Title: Docker tmpfs Mount Options with --mount and a Caution about --privileged
Summary
This section elaborates on tmpfs mount options in Docker, focusing on the `--mount` flag and its key-value pair syntax. It lists valid options such as `nodiratime`, `size`, `mode`, `uid`, `gid`, `nr_inodes`, and `nr_blocks` and includes an example. It also cautions against using `--privileged` due to security risks, suggesting it only be used when necessary in trusted environments and provides an alternative example using mount command inside a privileged container. It also specifies that the order of keys with `--mount` is not significant.