Mount image filesystem

[lachmanfrantisek]

Is this a BUG REPORT or FEATURE REQUEST?:

/kind feature

Description

It would be nice to be able to mount the filesystem of the image with podman mount.

Is there some easy way to achieve this? (Now, I am doing podman create + podman mount.)

Thanks.

[mheon]

This is possible with containers/storage, though I believe the mounts will have to be read-only given that there's no container associated with them - if you want to alter the filesystem and make new images, you could have to create a container and podman commit after mounting and changing.

[lachmanfrantisek]

@mheon Thanks, the read-only state is what I need.

For now, podman create+podman mount is easier than building the containers-storage cli.

It would be nice to have it in podman mount directly. (in the future)

[rhatdan]

@nalind WDYT?

[sghosh151]

Would be nice to be able to do this inside a container. usage: Deploy a container scanning tool in a image - image receives API call, downloads image (ephemeral), mounts image, examines filesystems - returns result on API

[mheon]

Rootless podman inside of the container should do what you need once mounting images is implemented, especially given there's no real need to share storage between podman in the image and podman outside of the image.

[rhatdan]

Right, you can do this now by just running podman inside of container.

[baude]

should we just implement this with a container create and a mount?

[mheon]

Do we need to? I think c/storage might support mounting images already, in which case it's just wiring up a command to do the heavy lifting

[rhatdan]

@nalind How hard would this be to do? Just mount the image layer Read/Only?

[rhatdan]

I think this could be done, fairly easily but we would need interfaces added to containers/storage to mount an image read/only with no upper container. If someone wants to look into this it would be great.

[rhatdan]

Still no one has worked on this one for a year. I am adding some support for mounting container storage read/only in https://github.com/containers/storage/pull/404

[kunalkushwaha]

If no one is working on this, I can work on this.

I think this could be done, fairly easily but we would need interfaces added to containers/storage to mount an image read/only with no upper container.

Can this be done with a dummy container config without new top layer, which will be deleted with umount?

[rhatdan]

It could be, but it would seem better to just be able to mount the image read/only.

[vrothberg]

@kunalkushwaha, are you planning to work on that?

I'm going through old issues and do some cleanups.

[kunalkushwaha]

Hi @vrothberg Yes, I started working on this now.

/assign

[github-actions[bot]]

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

[rhatdan]

@kunalkushwaha I still working on this, correct?

[kunalkushwaha]

@rhatdan Yes, I am working on this. The https://github.com/containers/storage/pull/438 & https://github.com/containers/libpod/pull/4209 PRs to fix this issue.

Once c/storage have ImageMount() interface, #4209 can be fixed.

[rhatdan]

The storage PR needs a rebase.

[rhatdan]

@ashley-cui PTAL

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

I have a PR up for this one. https://github.com/containers/podman/pull/6851

[baude]

this can now be done by podman