Docker - Security
You want to run a container with a read-only filesystem but allow writing only to
/app/logs. Which command correctly achieves this?You want to run a container with a read-only filesystem but allow writing only to /app/logs. Which command correctly achieves this?
hard📝 Best Practice Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Understand read-only with writable folder
The container filesystem is read-only, but mounting a host directory as a volume at/app/logsmakes that folder writable.Step 2: Evaluate options
docker run --read-only -v /host/logs:/app/logs alpine uses--read-onlyplus a volume mount for writable logs. docker run --read-only --tmpfs /app/logs alpine uses tmpfs which is temporary and not persistent. docker run -v /host/logs:/app/logs alpine lacks--read-only. docker run --read-only alpine has no writable folder.Final Answer:
docker run --read-only -v /host/logs:/app/logs alpine -> Option DQuick Check:
Volume mount +--read-only= writable folder [OK]
Quick Trick: Use volume mount with
--read-only for writable folders [OK]Common Mistakes:
- Using tmpfs when persistence is needed
- Forgetting
--read-onlyflag - Expecting writable without volume or tmpfs
Master "Security" in Docker
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Docker Quizzes