
Why might a container with --read-only still fail to start if it tries to write to /var/run without special mounts?

Difficulty: hard · Conceptual · Q10 of 15
Docker - Security
A. Because the image is missing the <code>/var/run</code> directory
B. Because the container's CPU is too low
C. Because the container lacks network access
D. Because <code>/var/run</code> is inside the read-only root filesystem and not mounted writable
Step-by-Step Solution
Solution:
  1. Step 1: Understand container filesystem behavior

    With --read-only, the root filesystem is read-only, so directories like /var/run cannot be written to unless mounted writable.
  2. Step 2: Eliminate unrelated causes

    CPU limits, network access, or missing directories do not cause write failures on read-only FS.
  3. Final Answer:

    Because /var/run is inside the read-only root filesystem and not mounted writable -> Option D
  4. Quick Check:

    Writable mounts needed for write paths on read-only FS [OK]
Quick Trick: Mount writable volumes for runtime directories on read-only FS [OK]
Common Mistakes:
  • Blaming CPU or network for write errors
  • Assuming missing directory causes failure
  • Ignoring need for writable mounts
