Bobcares

Tmpfs Docker and its Function

by | Jul 18, 2022

A tmpfs mount is the third storage option for users who are running Docker on Linux. When a container is created with a tmpfs mount, the container can create files outside of its writable layer.

Bobcares answers all questions, no matter the size, as part of our Docker hosting support service.

Let us take a look at tmpfs in Docker and its functions in detail.


Set the mount flag’s type option to tmpfs. This is the simplest method for mounting a memory-based filesystem into the file tree of a container. Have a look at this command:

docker run --rm \
--mount type=tmpfs,dst=/tmp \
--entrypoint mount \
alpine:latest -v

The command creates a blank tmpfs device and attaches it to the new container’s /tmp file tree. Any files created under this file tree will be in memory storage rather than on disk. Furthermore, the mount point is created with sensible defaults for common workloads. Running the command will display a list of all the container’s mount points. The following line will appear on the list:

tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)

This line explains the mount-point configuration. It indicates the following:

  1. At /tmp, a tmpfs device is mounted to the tree.
  2. The device has a tmpfs filesystem.
  3. The tree is read/write capable.
  4. On every file in this tree, suid bits will be disregarded.
  5. This tree’s files won’t be treated as any special devices.
  6. Files in this tree cannot be executed.
  7. File access times are updated if they are older than the current modify or change time.

By default, the tmpfs device also comes with no size restriction and is world-writable (file permissions 1777 in octal). Two additional options, tmpfs-size and tmpfs-mode, allow the user to set a size restriction and modify the file mode.

docker run --rm \
--mount type=tmpfs,dst=/tmp,tmpfs-size=16k,tmpfs-mode=1770 \
--entrypoint mount \
alpine:latest -v

This command limits the tmpfs device mounted at /tmp to 16 KB and makes it unreadable by other in-container users.
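An added example (not from the original article): a POSIX shell check that reads mount output and reports tmpfs mounts that lack nosuid, nodev or noexec, have no size limit, or are writable by other users. The function names and sample lines are constructed for illustration, and a line without mode= is assumed to carry the default 1777 described above.

```shell
#!/bin/sh
# Audit tmpfs entries in `mount` output against the options discussed above.
# Prints findings for one line: "skip" (not tmpfs), "ok", or a list of flags.
audit_tmpfs_line() {
    line=$1
    case $line in
        *" type tmpfs ("*) ;;
        *) echo skip; return 0 ;;
    esac
    opts=${line##*\(}          # text after the last "("
    opts=${opts%\)*}           # ...up to the closing ")"
    findings=
    for want in nosuid nodev noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) findings="$findings missing-$want" ;;
        esac
    done
    case ",$opts," in
        *",size="*) ;;
        *) findings="$findings no-size-limit" ;;
    esac
    # Assumption: a line without mode= carries the default 1777.
    mode=1777
    case ",$opts," in
        *",mode="*) mode=${opts##*mode=}; mode=${mode%%,*} ;;
    esac
    case ${mode#"${mode%?}"} in          # last octal digit = "other" bits
        2|3|6|7) findings="$findings world-writable" ;;
    esac
    if [ -z "$findings" ]; then findings=" ok"; fi
    echo "${findings# }"
}

# Read `mount` output on stdin, print "<mount point>: <findings>" per tmpfs.
audit_mounts() {
    while IFS= read -r line; do
        result=$(audit_tmpfs_line "$line")
        [ "$result" = skip ] && continue
        mp=${line#* on }
        echo "${mp%% type *}: $result"
    done
}

# Constructed sample input (not captured from a real container).
audit_mounts <<'EOF'
overlay on / type overlay (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /app type tmpfs (rw,nosuid,nodev,noexec,relatime,size=16k,mode=1770)
tmpfs on /scratch type tmpfs (rw,relatime,size=65536k)
EOF
```

Inside a running container the same check can be fed from the real mount table, for example by piping the output of mount into audit_mounts.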

Docker also provides secrets to applications in the form of files mounted to a container-specific, in-memory, read-only tmpfs filesystem. By default, secrets are stored in the container’s filesystem in the /run/secrets directory. This method of delivering secrets to applications avoids several leakage issues that arise when secrets are provided to applications as environment variables.
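An added example (not from the original article) of one such leakage issue: a value exported as an environment variable is inherited by every child process, while a value read from a secrets file stays in the process that read it. The helper names, the temporary directory standing in for /run/secrets, and the secret value are all constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper: print the secret NAME from DIR (default /run/secrets).
read_secret() {
    dir=${2:-/run/secrets}
    [ -r "$dir/$1" ] || { echo "secret $1 not readable in $dir" >&2; return 1; }
    cat "$dir/$1"
}

# Report "visible" if a freshly started child process has VAR in its
# environment, "hidden" otherwise.
child_sees() {
    if sh -c 'env' | grep -q "^$1="; then echo visible; else echo hidden; fi
}

# Constructed stand-in for /run/secrets so the demo runs without Docker.
demo_dir=$(mktemp -d)
printf '%s' 'constructed-example-value' > "$demo_dir/db_password"

# Environment-variable delivery: every child process inherits the value.
export DB_PASSWORD_ENV='constructed-example-value'
env_result=$(child_sees DB_PASSWORD_ENV)

# File delivery: the value lives in an unexported shell variable only.
DB_PASSWORD_FILE_VALUE=$(read_secret db_password "$demo_dir")
file_result=$(child_sees DB_PASSWORD_FILE_VALUE)

echo "env delivery:  child process $env_result"
echo "file delivery: child process $file_result"
rm -rf "$demo_dir"
```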

Use tmpfs mounts

Users can share files between the host machine and the container using volumes and bind mounts. These let them keep data even after the container has been stopped. If the user is running Docker on Linux, a third option is available: tmpfs mounts. When a user creates a container with a tmpfs mount, the container can create files outside of the container’s writable layer.

Unlike volumes and bind mounts, tmpfs mounts are only temporary and are only stored in the host memory. When the container exits, the tmpfs mount is removed, and any files written there are lost.


This is useful for temporarily storing sensitive files that the user does not want to persist in the writable layer of either the host or the container.

Limitations of tmpfs mounts

Tmpfs mounts, unlike volumes and bind mounts, cannot be shared between containers. This feature is only available if Docker is running on Linux.

Choose the --tmpfs or --mount flag

--mount is more explicit and verbose in general. The most notable distinction is that the --tmpfs flag does not support any configurable options.

--tmpfs: Mounts a tmpfs mount without allowing you to specify any configurable options; this option is only available with standalone containers.

Use a tmpfs mount in a container

To use a tmpfs mount in a container, use the --tmpfs flag, or the --mount flag with the type=tmpfs and destination options. A tmpfs mount has no source. The example below creates a tmpfs mount at /app in an Nginx container.

docker run -d \
-it \
--name tmptest \
--mount type=tmpfs,destination=/app \
nginx:latest

Run docker container inspect tmptest and check the Mounts section to confirm that the mount is a tmpfs mount:

"Tmpfs": {
"/app": ""
},

Remove the container:

docker container stop tmptest
docker container rm tmptest

Specify tmpfs options

There are two configuration options available for tmpfs mounts, neither of which is necessary. If the user needs to specify these options, the --mount flag must be used because the --tmpfs flag does not support them.

tmpfs-size: The tmpfs mount’s size in bytes. By default, it is unlimited.

tmpfs-mode: The file mode of the tmpfs, in octal. For example, 700 or 0770. The value defaults to 1777, which is world-writable.

The following example sets the tmpfs-mode to 1770, so that the mount is not world-readable within the container.

docker run -d \
-it \
--name tmptest \
--mount type=tmpfs,destination=/app,tmpfs-mode=1770 \
nginx:latest


Conclusion

To conclude, the tmpfs mount is the third Docker storage option for Linux users, and it lets the container create files outside of its writable layer.
