爲什麼mount命令是一個碼頭工人容器

Question

如何避免在這個泊塢窗會話結束時以下錯誤消息中禁用：

$ docker run -it ubuntu /bin/bash 
root@b3bcdc4551f5:/# ls 
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var 
root@b3bcdc4551f5:/# cd home/ 
root@b3bcdc4551f5:/home# ls 
root@b3bcdc4551f5:/home# mkdir 1 
root@b3bcdc4551f5:/home# mkdir 2 
root@b3bcdc4551f5:/home# mount --bind 1 2 
mount: block device /home/1 is write-protected, mounting read-only 
mount: cannot mount block device /home/1 read-only 

更新：

$ docker run --cap-add=SYS_ADMIN -it ubuntu /bin/bash 
root@1a6c069a8589:/# cd home/ 
root@1a6c069a8589:/home# mkdir 1 
root@1a6c069a8589:/home# mkdir 2 
root@1a6c069a8589:/home# mount --bind 1 2 
mount: block device /home/1 is write-protected, mounting read-only 
mount: cannot mount block device /home/1 read-only 
root@1a6c069a8589:/home# exit 
$ docker run --cap-add=ALL -it ubuntu /bin/bash 
root@1e04bcd81fee:/# cd home/ 
root@1e04bcd81fee:/home# mkdir 1 
root@1e04bcd81fee:/home# mkdir 2 
root@1e04bcd81fee:/home# mount --bind 1 2 
mount: block device /home/1 is write-protected, mounting read-only 
mount: cannot mount block device /home/1 read-only 
root@1e04bcd81fee:/home# exit 

--privileged是所有雖然。

Answer 1

自答案:)使用 '--security-opt apparmor:unconfine d'
禁用的AppArmor會工作。

編號：issue 16429

Answer 2

嘗試按照推薦的issue 9950：

你不能調用安裝，除非你有CAP_SYS_ADMIN，這是不提供默認容器配置。
你需要docker run --cap-add SYS_ADMIN