Dockerdevops~30 mins

Read-only filesystem containers in Docker - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Read-only Filesystem Containers

📖 Scenario: You are working on a Docker project where security is important. You want to run a container that cannot change its files. This means the container's filesystem should be read-only. This helps protect the container from accidental or harmful changes.

🎯 Goal: You will create a Docker container with a read-only filesystem. You will start with a simple Dockerfile, then add a configuration to make the container's filesystem read-only, and finally run the container to see the effect.

📋 What You'll Learn

Create a Dockerfile with a base image and a simple command

Add a configuration to run the container with a read-only filesystem

Run the container and verify the filesystem is read-only

Print the result of trying to write a file inside the container

💡 Why This Matters

🌍 Real World

Running containers with read-only filesystems is common in production to reduce risks of accidental or malicious changes inside containers.

💼 Career

DevOps engineers and system administrators use read-only containers to improve security and stability of applications running in Docker.

Progress0 / 4 steps

Create a Dockerfile with a base image

Create a file named Dockerfile with the content: FROM alpine and CMD ["/bin/sh", "-c", "echo Hello World"].

Docker

# Create a Dockerfile with FROM alpine and CMD to echo Hello World
# Your code here

Need a hint?

Use FROM alpine as the base image. Use CMD ["/bin/sh", "-c", "echo Hello World"] to print a message.

Add a read-only flag to the container run command

Add a variable run_command with the value docker run --rm --read-only alpine /bin/sh -c "echo Hello World" to run the container with a read-only filesystem.

Docker

FROM alpine
CMD ["/bin/sh", "-c", "echo Hello World"]

# Add a variable run_command with the docker run command including --read-only
# Your code here

Need a hint?

Use --read-only flag in the docker run command to make the container filesystem read-only.

Try to write a file inside the read-only container

Add a variable write_test_command with the value docker run --rm --read-only alpine /bin/sh -c "touch /testfile" to test writing a file inside the container.

Docker

FROM alpine
CMD ["/bin/sh", "-c", "echo Hello World"]

run_command = "docker run --rm --read-only alpine /bin/sh -c \"echo Hello World\""

# Add a variable write_test_command to try creating a file inside the container
# Your code here

Need a hint?

Use the touch /testfile command inside the container to try creating a file.

Run the write test and print the error message

Add a print statement that runs write_test_command using os.popen and prints the output to show the error caused by the read-only filesystem.

Docker

FROM alpine
CMD ["/bin/sh", "-c", "echo Hello World"]

run_command = "docker run --rm --read-only alpine /bin/sh -c \"echo Hello World\""
write_test_command = "docker run --rm --read-only alpine /bin/sh -c \"touch /testfile\""

# Run the write_test_command and print the output
# Your code here

Need a hint?

Use os.popen(write_test_command).read() to run the command and capture the output. Then print it.