Will this command mount the host's '/data' directory to the ubuntu container in read-only mode? Solution: 'docker run -add-volume /data /mydata -read-only ubuntu'
Correct Answer: B
Explanation: The command docker run -add-volume /data /mydata -read-only ubuntu will not mount the host's /data directory to the ubuntu container in read-only mode. The reason is that the command has several syntax errors and invalid options. The correct command to mount a host directory to a container in read-only mode is docker run --mount type=bind,source=/data,target=/mydata,readonly ubuntu [1][2].

The command docker run -add-volume /data /mydata -read-only ubuntu has the following problems:
* The option -add-volume is not a valid option for docker run. The valid options for mounting a volume or a bind mount are --mount or -v [1][2].
* The option -read-only is not a valid option for docker run. The valid option for making the container's root filesystem read-only is --read-only [3]. However, this option will not affect the mounted volumes or bind mounts, which have their own readonly option [1][2].
* The argument /data /mydata is not a valid argument for docker run. The argument for docker run should be the command to run inside the container, such as bash or ping [4]. The source and target of the volume or bind mount should be specified in the --mount or -v option, separated by a colon [1][2].

Therefore, the command docker run -add-volume /data /mydata -read-only ubuntu will not work as intended, and will likely produce an error message or an unexpected result.

References:
1. Use bind mounts
2. Use volumes
3. docker run
4. Docker run reference
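The distinction drawn above between --read-only (root filesystem) and a mount's own readonly option can be checked on running containers from docker inspect output. The following is an added example, not part of the original question set: it reads the HostConfig.ReadonlyRootfs and Mounts[].RW fields that docker inspect reports, and the container names and JSON sample are constructed for illustration.

```python
import json
import posixpath

# Constructed sample shaped like `docker inspect` output (names are made up).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/rootfs-ro-only",
  "HostConfig": {"ReadonlyRootfs": true},
  "Mounts": [{"Type": "bind", "Source": "/data", "Destination": "/mydata", "RW": true}]},
 {"Name": "/mount-ro",
  "HostConfig": {"ReadonlyRootfs": false},
  "Mounts": [{"Type": "bind", "Source": "/data", "Destination": "/mydata", "RW": false}]},
 {"Name": "/subdir-rw",
  "HostConfig": {"ReadonlyRootfs": false},
  "Mounts": [{"Type": "bind", "Source": "/data/app", "Destination": "/app", "RW": true},
             {"Type": "volume", "Source": "/var/lib/docker/volumes/v1/_data",
              "Destination": "/cache", "RW": true}]}
]""")


def audit_mounts(inspect_data):
    """Map container name -> root filesystem flag and list of writable mounts."""
    report = {}
    for c in inspect_data:
        writable = sorted(
            f"{m.get('Source')}:{m.get('Destination')}"
            for m in c.get("Mounts") or []
            if m.get("RW", True)  # a missing flag is treated as writable
        )
        report[c.get("Name", "").lstrip("/")] = {
            "readonly_rootfs": bool((c.get("HostConfig") or {}).get("ReadonlyRootfs")),
            "writable_mounts": writable,
        }
    return report


def containers_writing_to(inspect_data, host_path):
    """Names of containers with a writable bind mount at or under host_path."""
    root = posixpath.normpath(host_path)
    hits = []
    for c in inspect_data:
        for m in c.get("Mounts") or []:
            src = posixpath.normpath(m.get("Source") or "/")
            under = src == root or src.startswith(root.rstrip("/") + "/")
            if m.get("Type") == "bind" and m.get("RW", True) and under:
                hits.append(c.get("Name", "").lstrip("/"))
                break
    return sorted(hits)
```

On a live host the input would come from json.loads of the output of docker inspect for the containers of interest; the first sample container shows a read-only root filesystem alongside a still-writable /data bind mount.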
Question 157
Will this command display a list of volumes for a specific container? Solution: 'docker volume logs nginx --containers'
Correct Answer: B
Explanation: This command will not display a list of volumes for a specific container, because it has several syntax errors and invalid options. According to the official documentation, there is no such command as docker volume logs or such option as --containers.

References: https://docs.docker.com/engine/reference/commandline/volume/
Question 158
Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory? Solution: seccomp
Correct Answer: A
Explanation: Seccomp is a Linux kernel feature that allows you to restrict the actions available within the container. By using a seccomp profile, you can limit the system calls that a container can make, thus enhancing its security and isolation. Docker has a default seccomp profile that blocks some potentially dangerous system calls, such as mount, reboot, or ptrace. You can also pass a custom seccomp profile for a container using the --security-opt option. Seccomp can limit a container's access to host resources, such as CPU or memory, by blocking or filtering system calls that affect those resources, such as setpriority, sched_setaffinity, or mlock.

References:
* Seccomp security profiles for Docker
* Hardening Docker Container Using Seccomp Security Profile