tmpfs mounts
Volumes and bind mounts let you share files between the host machine and container so that you can persist data even after the container is stopped.
If you're running Docker on Linux, you have a third option: tmpfs mounts.
When you create a container with a tmpfs mount, the container can create files outside the container's writable layer.
As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won't be persisted.
This is useful to temporarily store sensitive files that you don't want to persist in either the host or the container writable layer.
Limitations of tmpfs mounts
- Unlike volumes and bind mounts, you can't share tmpfs mounts between containers.
- This functionality is only available if you're running Docker on Linux.
- Setting permissions on tmpfs may cause them to reset after container restart. In some cases setting the uid/gid can serve as a workaround.
Choose the --tmpfs or --mount flag
In general, --mount is more explicit and verbose. The biggest difference is that the --tmpfs flag does not support any configurable options.
- --tmpfs: Mounts a tmpfs mount without allowing you to specify any configurable options, and can only be used with standalone containers.
- --mount: Consists of multiple key-value pairs, separated by commas and each consisting of a <key>=<value> tuple. The --mount syntax is more verbose than --tmpfs:
  - The type of the mount, which can be bind, volume, or tmpfs. This topic discusses tmpfs, so the type is always tmpfs.
  - The destination takes as its value the path where the tmpfs mount is mounted in the container. May be specified as destination, dst, or target.
  - The tmpfs-size and tmpfs-mode options. See tmpfs options.
The examples below show both the --mount and --tmpfs syntax where possible, and --mount is presented first.
Differences between --tmpfs and --mount behavior
- The --tmpfs flag does not allow you to specify any configurable options.
- The --tmpfs flag cannot be used with swarm services. You must use --mount.
Use a tmpfs mount in a container
To use a tmpfs mount in a container, use the --tmpfs flag, or use the --mount flag with type=tmpfs and destination options. There is no source for tmpfs mounts. The following example creates a tmpfs mount at /app in an Nginx container. The first example uses the --mount flag and the second uses the --tmpfs flag.
$ docker run -d \
-it \
--name tmptest \
--mount type=tmpfs,destination=/app \
nginx:latest
$ docker run -d \
-it \
--name tmptest \
--tmpfs /app \
nginx:latest
Verify that the mount is a tmpfs mount by looking in the Mounts section of the docker inspect output:
$ docker inspect tmptest --format '{{ json .Mounts }}'
[{"Type":"tmpfs","Source":"","Destination":"/app","Mode":"","RW":true,"Propagation":""}]
Stop and remove the container:
$ docker stop tmptest
$ docker rm tmptest
Specify tmpfs options
tmpfs mounts allow for two configuration options, neither of which is required. If you need to specify these options, you must use the --mount flag, as the --tmpfs flag does not support them.
Option | Description |
---|---|
tmpfs-size | Size of the tmpfs mount in bytes. If unset, the default maximum size of a tmpfs volume is 50% of the host's total RAM. |
tmpfs-mode | File mode of the tmpfs in octal. For instance, 700 or 0770. Defaults to 1777 or world-writable. |
The following example sets the tmpfs-mode to 1770, so that it is not world-readable within the container.
docker run -d \
-it \
--name tmptest \
--mount type=tmpfs,destination=/app,tmpfs-mode=1770 \
nginx:latest
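As an added example (not part of the Docker documentation), the shell function below builds a --mount value for a tmpfs that holds sensitive files. It converts the size to bytes and refuses a mode that grants access to others, so the defaults described above (50% of host RAM, mode 1777) are never used by accident. The helper names to_bytes and tmpfs_mount_spec are assumptions made for this example.

```shell
#!/bin/sh
# Added example; to_bytes and tmpfs_mount_spec are hypothetical helper names.

# Convert 512k / 64m / 1g (or a plain byte count) to bytes, because
# tmpfs-size is given in bytes. Zero and leading zeros are rejected so the
# shell never reads the number as octal and the cap is always positive.
to_bytes() {
    num=${1%[kKmMgG]}
    case "$num" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    case "$1" in
        *[kK]) echo $((num * 1024)) ;;
        *[mM]) echo $((num * 1024 * 1024)) ;;
        *[gG]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Usage: tmpfs_mount_spec DESTINATION SIZE MODE
# Prints a value for --mount, or fails with a message on stderr.
tmpfs_mount_spec() {
    dest=$1; size=$2; mode=$3
    case "$dest" in
        # A comma would split the key-value list that --mount parses.
        *,*) echo "destination must not contain a comma" >&2; return 1 ;;
        /*)  ;;
        *)   echo "destination must be an absolute path" >&2; return 1 ;;
    esac
    # Require an explicit cap instead of the default of 50% of host RAM.
    bytes=$(to_bytes "$size") || { echo "invalid size: $size" >&2; return 1; }
    # Accept 3 or 4 octal digits whose last digit is 0 (no access for
    # others); this rejects the world-writable default of 1777.
    case "$mode" in
        *[!0-7]*) echo "mode must be octal: $mode" >&2; return 1 ;;
        [0-7][0-7]0|[0-7][0-7][0-7]0) ;;
        *) echo "mode must be 3-4 digits, last digit 0: $mode" >&2; return 1 ;;
    esac
    printf 'type=tmpfs,destination=%s,tmpfs-size=%s,tmpfs-mode=%s\n' \
        "$dest" "$bytes" "$mode"
}

# Example call (commented out so the file can be sourced without Docker):
# docker run -d --name tmptest \
#   --mount "$(tmpfs_mount_spec /app 64m 0700)" nginx:latest
```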
Next steps
- Learn about volumes
- Learn about bind mounts
- Learn about storage drivers