Bind mounts with shared mount propogation don't work

[segevfiner]

• I have tried with the latest version of my channel (Stable or Edge)
• I have uploaded Diagnostics
• Diagnostics ID:

Expected behavior

The following works:

mkdir /tmp/foo
docker run --rm -it -v /tmp/foo:/foo:shared ubuntu:bionic

Actual behavior

It fails with the following error:

docker: Error response from daemon: linux mounts: path /foo is mounted on /foo but it is not a shared mount.

Information

• macOS Version: 10.14.2

This is due to the osxfs mounts inside the HyperKit VM being mounted with private mount propagation. Entering the VM with screen and changing that using nsenter and mount --make-shared makes this work until you reboot the VM:

nsenter -t $(pgrep docker-init) -m mount --make-shared /tmp

Diagnostic logs

Docker for Mac: 2.0.0.0-mac81 (29211)

Steps to reproduce the behavior

mkdir /tmp/foo
docker run --rm -it -v /tmp/foo:/foo:shared ubuntu:bionic

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[lots0logs]

/remove-lifecycle stale

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[lots0logs]

/remove-lifecycle stale

[ameyuuno]

@segevfiner Hi. Did you fix this problem with shared volume? If yes, how did you do that?

[lots0logs]

I used the workaround described by the OP (using nsenter)

[ameyuuno]

@lots0logs can you explain your solution?
I want to use google-drive-ocamlfuse on my Mac via Docker, but it uses :shared volume, and I do not understand how to make it works on Mac((

[freshpomelo]

Hello everyone,
It seems that I also have this issues.

I searched in Google, it seems that we could set MountFlags to "shared"
https://success.docker.com/article/not-a-shared-mount-error.
But I don't know how to do it on MacOS.

[segevfiner]

Workaround

screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
mount --make-shared <mount_point>
# Ctrl-a Ctrl-\

You will need to do this on each Docker for Mac restart.

[lots0logs]

/remove-lifecycle stale

[lots0logs]

/lifecycle frozen

[scodeman]

Any chance to get a fix delivered on this one ?

[scodeman]

If using compose you can instantiate a small container image that makes the mount sharing work in the LinuxKit VM prior running the other containers.

Below worked for me:

./shared-mount/Dockerfile

FROM alpine:latest
ENV  MOUNTDIR=/mnt
CMD  nsenter -t $(pgrep docker-init) -m -- mount --verbose --make-shared ${MOUNTDIR}

./docker-compose.yml

---
version: '3.7'

services:
  shared-mount:
    build:
      context: ./shared-mount
    privileged: true
    stdin_open: true
    tty: true
    pid: "host"
    environment:
      - MOUNTDIR=/mnt
  listing-mount:
    image: "alpine:latest"
    command: ls /mnt
    depends_on:
        - shared-mount
    volumes:
      - type: bind
        source: "/mnt"
        target: "/mnt"
        bind:
         propagation: rshared
         consistency: delegated
         nocopy: true

[bugs181]

Trying to figure out how to do this. My result:

docker-desktop:~# mount --make-shared /Users/levi/Desktop/docker/.../data
mount: /Users/levi/Desktop/docker/.../data: mount point does not exist.

[ghost]

Reproduced in one line:

docker run --rm -it -v /tmp:/mnt/tmp:shared alpine sh

@segevfiner Re: Your workaround on Big Sur I get Operation not permitted running screen on the tty with sudo. Any ideas? Took me some time to find this issue.

I believe this may be the root cause of k3d-io/k3d#366

---

Docker Desktop 2.5.0.1
Darwin Kernel Version 20.2.0

[segevfiner]

Docker for Mac changed things so that tty file no longer works. Try this to get a shell into the machine instead:

docker run -it --rm --privileged --pid=host justincormack/nsenter1

Might be enough then to just:

mount --make-shared /tmp

As that nsenter1 container might lend you in the docker daemon's namespace.

[jawadqur]

I think this has resurfacced and not fixed yet in docker for mac. I can't use bind volumes on Mac.

[caugner]

This issue also affects Docker for Windows, both inside WSL2 and outside.

edit: For me, a workaround was to run sudo mount --make-shared <path>

[mathieumuller]

This issue also affects Docker for Windows, both inside WSL2 and outside.

edit: For me, a workaround was to run sudo mount --make-shared <path>

Same issue for me today on WSL2, I tried @caugner workaround but it seems my path is not a valid mount point, does anyone have any other idea?

edit: I disabled the experimental feature "use Docker Compose V2" of my docker desktop and it is good now

[caugner]

edit: I disabled the experimental feature "use Docker Compose V2" of my docker desktop and it is good now

For me, I had the issue even with that experimental feature was always disabled. Or they enabled it with an update, and disabled it again, without my interaction.

PS: I ran sudo mount --make-shared /, independently of the specific volume path, and that worked.

[sivang]

I'm also looking to do a shared bind mount (to be able to capture source checkout and modifications from inside the container to the outside host) to no avail with almost every command / docker-compose combination here and in other resources on the web.
Is there a plan to fix this or work on this "feature" to make this consistent with the Linux behavior?

[GuerrillaCoder]

I ran into this issue and the actual reason was trailing slash "/" at end of path. I removed it and no longer got the error message. Leaving here in case anyone else googles the error and ends up here

[nrukavkov]

Any change to be fixed?