Accessing raw dd images in a Docker Linux container
I was backing up a Linux server of mine the other day and I wanted to have a full backup (along with regular tar.gz backups) of the main disk mounted on the /dev/sda partition.
You can back up your partition using dd with a command such as:
dd if=/dev/sda | dd of=/home/archive/disk.img
If everything works, you will get an output similar to below:
4096000+0 records in
4096000+0 records out
2097152000 bytes (2.1 GB) copied, 371.632 seconds, 5.6 MB/s
I was then looking to mount that backup raw image in order to check if everything was OK. You can do that by using the loop device in Linux. A loop device is a pseudo (“fake”) device (actually just a file) that acts as a block-based device [1].
My main OS is Windows and I did not have quick access to a Linux machine. I also haven’t set up WSL on my machine yet (yes I know I know :-)). I then had an idea: if I want a quick *nix system, I can fall back to using Docker. I opened up a terminal, started a container from a Debian (bullseye) image and mounted a volume so that I could access my raw image:
docker run -it --rm --name debian -v c:/path/to/my/image/folder:/data debian:bullseye
I then ran the following inside the container:
mkdir /backupdisk && mount -o loop /data/backup.img /backupdisk
Happy that I would be able to access my raw image, I instead got the following error:
mount: /backupdisk: mount failed: Operation not permitted.
It turns out you need to start your container with the --privileged flag on. This flag gives the container access to all devices on the host and sets some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host [2].
Final command:
docker run -it --rm --name debian -v c:/path/to/my/image/folder:/data --privileged debian:bullseye
Voilà! I was then able to freely browse through my image.
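When a dd image is taken from a whole disk with an MBR partition table rather than from a single filesystem, mount -o loop needs the byte offset of the partition inside the image. The sketch below is an added example, not code from the original post, and goes beyond it by reading the MBR to build that mount command; it assumes 512-byte sectors and a classic MBR (not GPT), and the function names are made up for illustration.

```shell
# Added example, not from the original post. Assumes a classic MBR partition
# table and 512-byte sectors; GPT disks need a different parser.
SECTOR_SIZE=512

# Read $3 bytes at byte offset $2 of file $1 as a little-endian unsigned int.
read_le() {
    local value=0 shift_bits=0 byte
    for byte in $(od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null); do
        value=$(( value | (byte << shift_bits) ))
        shift_bits=$(( shift_bits + 8 ))
    done
    echo "$value"
}

# Print "index type start_bytes size_bytes" for each non-empty primary entry.
# Returns 1 when sector 0 does not end with the 0x55 0xAA boot signature.
mbr_partitions() {
    local img="$1" i entry ptype start count
    [ "$(read_le "$img" 510 2)" -eq $((0xAA55)) ] || return 1
    for i in 0 1 2 3; do
        entry=$(( 446 + 16 * i ))                    # table starts at byte 446
        ptype=$(read_le "$img" $(( entry + 4 )) 1)   # partition type
        start=$(read_le "$img" $(( entry + 8 )) 4)   # first sector (LBA)
        count=$(read_le "$img" $(( entry + 12 )) 4)  # length in sectors
        [ "$ptype" -eq 0 ] && continue               # unused slot
        printf '%d 0x%02x %d %d\n' $(( i + 1 )) "$ptype" \
            $(( start * SECTOR_SIZE )) $(( count * SECTOR_SIZE ))
    done
}

# Print a loop-mount command for partition $2 of image $1. The ro option
# keeps the backup image unmodified while it is being checked.
mount_command() {
    local img="$1" want="$2" idx ptype start size
    while read -r idx ptype start size; do
        if [ "$idx" = "$want" ]; then
            echo "mount -o loop,ro,offset=$start,sizelimit=$size $img /backupdisk"
            return 0
        fi
    done <<EOF
$(mbr_partitions "$img")
EOF
    return 1
}

# Stand-alone use: sh script.sh /data/backup.img 1
if [ -n "${1:-}" ]; then mount_command "$1" "${2:-1}"; fi
```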