tmpfs mounts
Volumes and bind mounts let you share files between the host machine and container so that you can persist data even after the container is stopped.
If you're running Docker on Linux, you have a third option: tmpfs mounts. When you create a container with a tmpfs mount, the container can create files outside the container's writable layer.
As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won't be persisted.
tmpfs mounts are best used for cases when you do not want the data to persist either on the host machine or within the container. This may be for security reasons or to protect the performance of the container when your application needs to write a large volume of non-persistent state data.
Important
tmpfs mounts in Docker map directly to tmpfs in the Linux kernel. As such, the temporary data may be written to a swap file, and thereby persisted to the filesystem.
Mounting over existing data
If you create a tmpfs mount into a directory in the container in which files or
directories exist, the pre-existing files are obscured by the mount. This is
similar to if you were to save files into /mnt
on a Linux host, and then
mounted a USB drive into /mnt
. The contents of /mnt
would be obscured by
the contents of the USB drive until the USB drive was unmounted.
With containers, there's no straightforward way of removing a mount to reveal the obscured files again. Your best option is to recreate the container without the mount.
Limitations of tmpfs mounts
- Unlike volumes and bind mounts, you can't share tmpfs mounts between containers.
- This functionality is only available if you're running Docker on Linux.
- Setting permissions on tmpfs may cause them to reset after container restart. In some cases setting the uid/gid can serve as a workaround.
Syntax
To mount a tmpfs with the docker run
command, you can use either the
--mount
or --tmpfs
flag.
$ docker run --mount type=tmpfs,dst=<mount-path>
$ docker run --tmpfs <mount-path>
In general, --mount
is preferred. The main difference is that the --mount
flag is more explicit and supports all the available options.
The --tmpfs
flag cannot be used with swarm services. You must use --mount
.
Options for --mount
The --mount
flag consists of multiple key-value pairs, separated by commas
and each consisting of a <key>=<value>
tuple. The order of the keys isn't
significant.
$ docker run --mount type=tmpfs,dst=<mount-path>[,<key>=<value>...]
Valid options for --mount type=tmpfs
include:
Option | Description |
---|---|
destination , dst , target | Size of the tmpfs mount in bytes. If unset, the default maximum size of a tmpfs volume is 50% of the host's total RAM. |
tmpfs-size | Size of the tmpfs mount in bytes. If unset, the default maximum size of a tmpfs volume is 50% of the host's total RAM. |
tmpfs-mode | File mode of the tmpfs in octal. For instance, 700 or 0770 . Defaults to 1777 or world-writable. |
$ docker run --mount type=tmpfs,dst=/app,tmpfs-size=21474836480,tmpfs-mode=1770
Options for --tmpfs
The --tmpfs
flag does not let you specify any options.
Use a tmpfs mount in a container
To use a tmpfs
mount in a container, use the --tmpfs
flag, or use the
--mount
flag with type=tmpfs
and destination
options. There is no
source
for tmpfs
mounts. The following example creates a tmpfs
mount at
/app
in a Nginx container. The first example uses the --mount
flag and the
second uses the --tmpfs
flag.
$ docker run -d \
-it \
--name tmptest \
--mount type=tmpfs,destination=/app \
nginx:latest
$ docker run -d \
-it \
--name tmptest \
--tmpfs /app \
nginx:latest
Verify that the mount is a tmpfs
mount by looking in the Mounts
section of
the docker inspect
output:
$ docker inspect tmptest --format '{{ json .Mounts }}'
[{"Type":"tmpfs","Source":"","Destination":"/app","Mode":"","RW":true,"Propagation":""}]
Stop and remove the container:
$ docker stop tmptest
$ docker rm tmptest
Next steps
- Learn about volumes
- Learn about bind mounts
- Learn about storage drivers