moby / buildkit

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
https://github.com/moby/moby/issues/34227
Apache License 2.0

Can --mount support type=local ? #3310

Open xzxiaoshan opened 1 year ago

xzxiaoshan commented 1 year ago

Can --mount support type=local? It can be directly attached to a local path on the host, which is used to share the read and write mount data during container building. It is like how multiple Linux machines can share read and write files through NFS.

Is there such a plan? Or how can such a function be realized?

3Q~

xzxiaoshan commented 1 year ago

Or whether you can add the parameter force=true or others for --mount=type=cache to prevent it from being cleaned under the condition of docker build --no-cache.

@tonistiigi

leason00 commented 9 months ago

I have the same needs. How do you solve this? @xzxiaoshan

jedevc commented 9 months ago

Why is --mount type=bind not sufficient for this use case? That's how you can attach files from the client host into buildkit.

leason00 commented 9 months ago

> Why is --mount type=bind not sufficient for this use case? That's how you can attach files from the client host into buildkit.

Because you need to modify the file. In my scenario, there are pip package caches on a local host path. The build process uses these caches. After building, these caches also need to be updated. @jedevc

jedevc commented 9 months ago

If you want cached files, then the way to do that is with --mount type=cache. If you really want these files copied to the host, you need to explicitly export them using the --output flag.

Buildkit doesn't support mounting arbitrary file paths on the host, and probably won't - this would allow a dockerfile to write to any location on the host filesystem which would be a security issue - see https://github.com/moby/buildkit/blob/master/PROJECT.md#client:

> Buildctl does not allow access to any directories or file paths that are not explicitly set by the user with command line arguments. The untrusted BuildKit daemon does not have any way to access files that were not listed.
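
The approach described in the comment above, as an added example that is not part of the original thread or BuildKit's own documentation: a pip cache kept in a cache mount, then explicitly exported to a host directory that the user names with --output. The base image, stage names, the /pip-cache-export path and requirements.txt are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (constructed). Base image, stage names, paths and
# requirements.txt are assumptions, not taken from the thread.

FROM python:3.12-slim AS build
WORKDIR /app
COPY requirements.txt .

# The cache mount lives in BuildKit's own storage, not on a host path, and it
# is not part of any image layer. Copy its contents to a regular directory in
# the same RUN step so that a later stage can export them.
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install -r requirements.txt && \
    mkdir -p /pip-cache-export && \
    cp -a /root/.cache/pip/. /pip-cache-export/

# Export-only stage: contains nothing but the files destined for the host.
FROM scratch AS export
COPY --from=build /pip-cache-export /

# The host destination is chosen by the user on the command line, never by
# the Dockerfile:
#   docker buildx build --target export --output type=local,dest=./pip-cache .
```

The only host path written is the dest= directory passed on the command line, which matches the PROJECT.md rule quoted above.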

leason00 commented 9 months ago

https://github.com/moby/buildkit/blob/master/PROJECT.md#client

A Docker container can modify the host directory when it is running, but the tool that builds the image is worried about the security problems caused by this mount? @jedevc