@@ -266,6 +266,30 @@ $ docker container stop devtest
266266$ docker container rm devtest
267267```
268268
269+ ## Recursive mounts
270+
271+ When you bind mount a path that itself contains mounts, those submounts are
272+ also included in the bind mount by default. This behavior is configurable,
273+ using the ` bind-recursive ` option for ` --mount ` . This option is only supported
274+ with the ` --mount ` flag, not with ` -v ` or ` --volume ` .
275+
276+ If the bind mount is read-only, the Docker Engine makes a best-effort attempt
277+ at making the submounts read-only as well. This is referred to as recursive
278+ read-only mounts. Recursive read-only mounts require Linux kernel version 5.12
279+ or later. If you're running an older kernel version, submounts are
280+ automatically mounted as read-write by default. Attempting to set submounts to
281+ be read-only on a kernel version earlier than 5.12, using the
282+ ` bind-recursive=readonly ` option, results in an error.
283+
284+ Supported values for the ` bind-recursive ` option are:
285+
286+ | Value | Description |
287+ | :--------------------| :------------------------------------------------------------------------------------------------------------------|
288+ | ` enabled ` (default) | Read-only mounts are made recursively read-only if kernel is v5.12 or later. Otherwise, submounts are read-write. |
289+ | ` disabled ` | Submounts are ignored (not included in the bind mount). |
290+ | ` writable ` | Submounts are read-write. |
291+ | ` readonly ` | Submounts are read-only. Requires kernel v5.12 or later. |
292+
269293## Configure bind propagation
270294
271295Bind propagation defaults to ` rprivate ` for both bind mounts and volumes. It is
396420
397421- Learn about [volumes](volumes.md).
398422- Learn about [tmpfs mounts](tmpfs.md).
399- - Learn about [storage drivers](/storage/storagedriver/).
423+ - Learn about [storage drivers](/storage/storagedriver/).
0 commit comments