Combine Docker read-only bind mount with tmpfs inside / on top of it?

Is it possible to mount a tmpfs on top of a read-only bind mount with docker run?

This works:

docker run --rm -it -v "$PWD:/x" --tmpfs /x/y -w /x alpine:latest sh

This fails:

docker run --rm -it -v "$PWD:/x:ro" --tmpfs /x/y -w /x alpine:latest sh

Error (line breaks mine):

docker: Error response from daemon: OCI runtime create failed:
container_linux.go:380:
starting container process caused:
process_linux.go:545:
container init caused:
rootfs_linux.go:76:
mounting "tmpfs" to rootfs at "/x/y" caused:
mkdir /var/lib/docker/overlay2/91a0f0934fbaa8cd1fc2c322feca2912f68af2a7520df3a49a5f129153ac8627/merged/x/y:
read-only file system: unknown.

I tried providing the bind mount after the tmpfs and also tried replacing --tmpfs ... with --mount type=tmpfs,destination=... but got the same error.

Mounting the tmpfs inside the other mount will create a mountpoint directory inside the other mount, which seems to be the reason why read-only mounting the containing directory won't work.

There are 0 answers
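
An added example, not part of the original question: the error above is the runtime failing to `mkdir` the tmpfs mountpoint under `/x` once that bind mount is read-only, so one way to keep `:ro` is to create the mountpoint directories on the host before starting the container. The function name `prepare_ro_bind` and the sample paths are assumptions made for this sketch, as is the expectation that the runtime skips the `mkdir` when the directory already exists.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the only obstacle is the mountpoint mkdir shown in the error,
# so a directory that already exists on the host side needs no write to /x.

# prepare_ro_bind HOST_DIR CTR_DIR SUBDIR...
# Creates each SUBDIR under HOST_DIR (the future tmpfs mountpoints) and
# prints the matching `docker run` options, one per line.
prepare_ro_bind() {
    host_dir=$1
    ctr_dir=$2
    shift 2
    [ -d "$host_dir" ] || { echo "no such directory: $host_dir" >&2; return 1; }
    # Validate every subpath before touching the host: reject empty or
    # absolute paths and any ".." component, so nothing is created
    # outside HOST_DIR.
    for sub in "$@"; do
        case "/$sub/" in
            */../*|//*) echo "refusing unsafe subpath: $sub" >&2; return 1 ;;
        esac
    done
    for sub in "$@"; do
        mkdir -p "$host_dir/$sub" || return 1
    done
    printf '%s\n' "-v" "$host_dir:$ctr_dir:ro"
    for sub in "$@"; do
        printf '%s\n' "--tmpfs" "$ctr_dir/$sub"
    done
}

# Usage (constructed, mirrors the failing command; paths without whitespace):
#   opts=$(prepare_ro_bind "$PWD" /x y) &&
#   docker run --rm -it $opts -w /x alpine:latest sh
```

The empty mountpoint directory stays behind on the host after the container exits; files written under `/x/y` live only in the tmpfs and never reach the host.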