**Description**
The `--read-only` flag runs containers with a read-only filesystem, so it is not possible to modify the contents. This works in Linux containers, but has no effect on Windows - files can be created and modified even if the `--read-only` option is used.
**Steps to reproduce the issue:**
```
PS> docker container run --read-only microsoft/windowsservercore powershell New-Item c:\newfile.txt
Directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 5/6/2017 11:13 AM 0 newfile.txt
```
**Describe the results you received:**
A new file is created, when the container is running as read-only.
**Describe the results you expected:**
An access error, saying the file could not be created.
**Additional information you deem important (e.g. issue happens only occasionally):**
This feature is useful in Windows for the same reasons as Linux - not least, securing the container if the application process is exploited.
**Output of `docker version`:**
```
PS> docker version
Client:
Version: 17.05.0-ce-rc1
API version: 1.29
Go version: go1.7.5
Git commit: 2878a85
Built: Wed Apr 12 19:43:25 2017
OS/Arch: windows/amd64
Server:
Version: 17.05.0-ce-rc1
API version: 1.29 (minimum version 1.24)
Go version: go1.7.5
Git commit: 2878a85
Built: Wed Apr 12 19:43:25 2017
OS/Arch: windows/amd64
Experimental: false
```
**Output of `docker info`:**
```
PS> docker info
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 549
Server Version: 17.05.0-ce-rc1
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: l2bridge l2tunnel nat null overlay transparent
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 14393 (14393.1066.amd64fre.rs1_release_sec.170327-1835)
Operating System: Windows Server 2016 Datacenter
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 15.91GiB
Name: sc-xps-win16
ID: KO37:W2NV:K42T:V4GE:JQOR:TKRU:OF6E:G532:KJ3T:4MUQ:GKSZ:BWNH
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Username: sixeyed
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
```
**Additional environment details (AWS, VirtualBox, physical, etc.):**
Physical Windows Server 2016 machine. Same behaviour seen on Win10 and Win2016 on Azure.
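
An added example, not part of the original report or of Docker's own code: a Python check that takes parsed `docker inspect` output plus the daemon's `OSType` (as shown by `docker info`) and flags containers that request a read-only root filesystem on a Windows daemon, where this report says the flag has no effect. The sample JSON, the function name and the status labels are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Id": "aaa111aaa111", "Name": "/web",
   "HostConfig": {"ReadonlyRootfs": true}},
  {"Id": "bbb222bbb222", "Name": "/worker",
   "HostConfig": {"ReadonlyRootfs": false}}
]
""")


def audit_read_only(inspect_docs, daemon_ostype):
    """Return (container name, status) pairs.

    status is one of:
      "writable"               --read-only was not requested
      "read-only"              requested on a non-Windows daemon
      "requested-not-enforced" requested on a Windows daemon; assumption
                               taken from the behaviour in this report
    """
    on_windows = daemon_ostype.strip().lower() == "windows"
    findings = []
    for doc in inspect_docs:
        host_config = doc.get("HostConfig") or {}
        requested = bool(host_config.get("ReadonlyRootfs", False))
        # Inspect names carry a leading slash; fall back to a short id.
        name = doc.get("Name", "").lstrip("/") or doc.get("Id", "")[:12]
        if not requested:
            status = "writable"
        elif on_windows:
            status = "requested-not-enforced"
        else:
            status = "read-only"
        findings.append((name, status))
    return findings


if __name__ == "__main__":
    for ostype in ("windows", "linux"):
        print(ostype, audit_read_only(SAMPLE_INSPECT, ostype))
```

Against a live daemon, feed it the JSON from `docker inspect` for the running containers and the `OSType` value from `docker info`.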