What is a Bind Mount
A bind mount maps a specific file or directory from the host filesystem into a container. Unlike a volume, which is managed by the container runtime, a bind mount references an exact host path that you choose.
How it works
When you run docker run -v /home/user/app:/app nginx, Docker mounts /home/user/app from the host into the container at /app. Changes made inside the container at /app are immediately visible on the host, and vice versa — it is the same directory, not a copy.
Bind mounts use the Linux mount --bind mechanism, which creates a second mount point for an existing directory. The container's mount namespace includes this bind mount alongside the overlayfs root filesystem.
Bind mounts bypass the union filesystem and have native I/O performance. They can mount single files (not just directories) and can be read-only (-v /host/path:/container/path:ro).
The risk: bind mounts expose host filesystem paths to the container. A misconfigured bind mount can give a container write access to sensitive host directories. Volumes are safer because the runtime manages the storage location.
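One way to check running containers for this risk is to read the Mounts array from docker inspect and report bind mounts whose host source overlaps a sensitive path. The following is an added example, not code from the original page; the SENSITIVE list, the function names and the sample data are assumptions made for illustration.

```python
import json
import posixpath

# Assumed list of sensitive host paths for this example; tune it per host.
SENSITIVE = ("/etc", "/root", "/boot", "/usr", "/var/lib/docker", "/var/run")

def is_under(child, parent):
    """True if `child` is `parent` itself or lies beneath it."""
    return parent == "/" or child == parent or child.startswith(parent + "/")

def exposes_sensitive(source):
    """A bind source is risky if it sits inside a sensitive path or contains one."""
    src = posixpath.normpath(source)
    return any(is_under(src, s) or is_under(s, src) for s in SENSITIVE)

def audit(inspect_json):
    """Return (container, source, destination, access) for each risky bind mount."""
    findings = []
    for container in json.loads(inspect_json):
        for m in container.get("Mounts", []):
            if m.get("Type") != "bind":  # volumes are runtime-managed; skip them
                continue
            if not exposes_sensitive(m["Source"]):
                continue
            # Treat a missing RW field as writable, the cautious default.
            access = "writable" if m.get("RW", True) else "read-only"
            findings.append((container["Name"], m["Source"], m["Destination"], access))
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/home/user/app", "Destination": "/app", "RW": True},
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": True},
        {"Type": "bind", "Source": "/etc/ssl/certs", "Destination": "/certs", "RW": False},
        {"Type": "volume", "Name": "data", "Destination": "/data", "RW": True,
         "Source": "/var/lib/docker/volumes/data/_data"},
    ]},
    {"Name": "/debug", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
    ]},
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On a real host, pass the output of docker inspect for the running containers to audit() in place of SAMPLE.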
Why it matters
Bind mounts are essential during development — mount your source code into a container to see changes immediately without rebuilding the image. In production, volumes are preferred because they are portable, managed by the runtime, and do not depend on specific host directory structures.
See How Containers Work for how bind mounts and volumes compare.