Why I don't have rw access to /run which is mounted as tmpfs in docker?

Question

❯ docker run -d -it --name debian --mount type=tmpfs,destination=/run,tmpfs-mode=1777 --mount type=tmpfs,destination=/tmp,tmpfs-mode=1777 debian bash


❯ docker exec -it debian ls -lrtd /run /tmp
  drwxrwxrwt 2 root root 40 Jul 27 14:06 /tmp
  drwxr-xr-x 2 root root 40 Jul 27 14:06 /run

Here, why is tmpfs-mode=1777 is not getting applied to the /run alone?
It works perfectly fine for other directories.
Any specific reason here?

Answer 1

I believe that since /run already exists, the permissions of that directory are being applied to the tmpfs mount. The same thing is happening with /tmp, but since the permissions on the underlying /tmp directory already match what you want you don't notice it.

You can verify this by creating tmpfs mounts on other directories (e.g., /root). You'll see that they adopt the permissions of the mountpoint.

If you really need the permissions on /run to be different, you could build a new image with your desired permissions on /run (or just run chmod once the container is running).