This error occurs when Docker tries to write to a filesystem that is mounted as read-only. Common causes include Snap installations, disk space issues, hardware failures, intentional read-only mounts, and volume permission conflicts.
The "Read-only file system" error in Docker indicates that a write operation failed because the target filesystem doesn't allow modifications. This can happen at multiple levels: the Docker daemon storage, container filesystem, or mounted volumes. When Docker reports this error, it means one of these scenarios is occurring: 1. The Docker daemon itself cannot write to its storage directory (usually /var/lib/docker) 2. A container is trying to write to a path that's mounted with read-only permissions 3. The underlying host filesystem has become read-only due to hardware issues or system protection 4. The container is running with the --read-only flag On Linux systems, a filesystem can transition to read-only mode automatically when the kernel detects I/O errors or filesystem corruption. This is a protective measure to prevent data loss. Docker installed via Snap also runs in a sandboxed environment where the host filesystem appears read-only.
On Ubuntu, Docker installed via Snap has restricted filesystem access. Verify your installation method:
# Check if Docker is a snap package
which docker
# If output is /snap/bin/docker, it's a Snap installation
snap list | grep dockerIf Docker is installed via Snap, the host OS appears read-only to Docker. You have two options:
1. Use Snap-compatible paths: /home, /var/snap/docker
2. Reinstall Docker from the official repository (recommended)
# Remove Snap Docker
sudo snap remove docker
# Install from official Docker repository
# Follow: https://docs.docker.com/engine/install/ubuntu/A full disk can cause the filesystem to remount as read-only. Check disk usage:
# Check overall disk usage
df -h
# Check Docker-specific disk usage
docker system df
# Check /var/lib/docker specifically
du -sh /var/lib/docker/*If disk space is low:
# Remove unused Docker resources
docker system prune -a --volumes
# Remove stopped containers
docker container prune
# Remove unused images
docker image prune -a
# Remove unused volumes (WARNING: data loss)
docker volume pruneAfter freeing space, restart Docker:
sudo systemctl restart dockerHardware issues can cause the kernel to remount filesystems as read-only. Check system logs:
# Check for filesystem errors
dmesg | grep -i "read.only\|EXT4-fs error\|I/O error\|aborting journal"
# Check journalctl for Docker-related filesystem issues
journalctl -u docker --since "1 hour ago" | grep -i "read.only\|error"If you see errors like:
- "EXT4-fs error" or "Aborting journal on device"
- "I/O error" or "Buffer I/O error"
- "Remounting filesystem read-only"
This indicates hardware failure. Immediate action required:
1. Backup important data immediately
2. Run filesystem check: sudo fsck -y /dev/sdX (replace with your device)
3. Consider replacing the storage device
Verify the mount status and remount if needed:
# Check if /var/lib/docker is on a read-only mount
mount | grep "$(df /var/lib/docker | tail -1 | awk '{print $1}')"
# Look for "ro" in the output
# Check the specific directory
cat /proc/mounts | grep dockerIf mounted as read-only, try remounting:
# Remount as read-write (replace /dev/sdX with your device)
sudo mount -o remount,rw /
# Or for a specific mount point
sudo mount -o remount,rw /var/lib/dockerNote: If remounting fails, it usually indicates hardware issues or filesystem corruption.
If the error occurs inside a container, check if it's running in read-only mode:
# Check if container has read-only root filesystem
docker inspect CONTAINER_NAME | grep -i "readonly"If you're using docker-compose, check for read-only settings:
# docker-compose.yml
services:
myservice:
image: myimage
read_only: true # This makes the container filesystem read-only
# Or in volumes:
volumes:
- ./data:/app/data:ro # :ro means read-onlyTo fix, either:
1. Remove read_only: true from compose file
2. Change :ro to :rw on volume mounts
3. Use tmpfs for directories that need to be writable:
services:
myservice:
read_only: true
tmpfs:
- /tmp
- /var/runVolume mount conflicts can cause read-only errors. This happens when a parent directory is read-only but a child needs write access:
# Problematic configuration
volumes:
- ./config:/app/config:ro # Parent is read-only
- ./config/cache:/app/config/cache:rw # Child needs write - CONFLICTFix: Don't mark parent directories as read-only if children need write access:
# Solution 1: Remove read-only from parent
volumes:
- ./config:/app/config
- ./config/cache:/app/config/cache
# Solution 2: Use separate, non-nested paths
volumes:
- ./config:/app/config:ro
- ./cache:/app/cache # Different path, no conflictOn Docker Desktop, the Docker VM can become corrupted:
Try restarting Docker Desktop:
1. Right-click Docker icon in system tray/menu bar
2. Select "Restart"
If restart doesn't work, reset the Docker VM:
On Windows:
# Stop Docker Desktop
# Delete the VM state
Remove-Item "$env:APPDATA\Docker\*" -Recurse -Force
# Restart Docker DesktopOn macOS:
# Delete Docker Desktop data (WARNING: removes all containers/images)
rm -rf ~/Library/Containers/com.docker.docker
rm -rf ~/Library/Group\ Containers/group.com.docker
# Restart Docker DesktopDocker Desktop version issues:
Some versions have bugs causing this error. If you recently updated:
1. Downgrade to a previous stable version
2. Check Docker Desktop release notes for known issues
During docker build, bind mounts are read-only by default. If your build fails when trying to write to a mounted directory:
# This mount is read-only by default
RUN --mount=type=bind,source=.,target=/src cp /src/file /app/Solutions:
1. Use rw option (written data is discarded after build):
RUN --mount=type=bind,source=.,target=/src,rw cp /src/file /app/2. Use cache mounts for persistent build data:
RUN --mount=type=cache,target=/root/.cache pip install -r requirements.txt3. Use --output to export files from the build:
docker build --output=type=local,dest=./output .4. Copy files in Dockerfile instead of mounting:
COPY . /src
RUN cp /src/file /app/After making changes, restart Docker and verify the fix:
# Restart Docker daemon
sudo systemctl restart docker
# Wait for Docker to be ready
sleep 5
# Verify Docker is working
docker info
# Test write capability
docker run --rm alpine sh -c "touch /test && echo 'Write test passed'"If the issue persists, check Docker logs:
# View Docker daemon logs
sudo journalctl -u docker -f
# On Docker Desktop, check from GUI:
# Settings > Troubleshoot > View logsKernel filesystem protection:
Linux kernels automatically remount filesystems as read-only when detecting:
- I/O errors indicating hardware failure
- Journal corruption in ext4/xfs filesystems
- RAID array degradation
Check dmesg immediately when you see read-only errors - it often indicates imminent drive failure. Back up data before attempting repairs.
Snap Docker limitations:
Docker via Snap operates in a confined environment. The only writable paths are:
- /home (user home directories)
- /var/snap/docker/common
- /var/snap/docker/current
For production systems, always use Docker from the official repository to avoid these restrictions.
Rootless Docker:
When running rootless Docker, additional filesystem restrictions apply. The storage location is typically ~/.local/share/docker instead of /var/lib/docker. Ensure this location has adequate space and proper permissions.
Overlayfs considerations:
Docker's overlay2 storage driver creates layered filesystems. If the underlying storage becomes read-only, all layers are affected. Check both:
mount | grep overlay
ls -la /var/lib/docker/overlay2/SELinux and AppArmor:
Security modules can also cause write failures that appear similar to read-only errors. Check:
# SELinux
getenforce
ausearch -m avc -ts recent
# AppArmor
aa-status
dmesg | grep apparmorDocker in Docker (DinD):
When running Docker inside Docker, the inner Docker's storage must be on a proper filesystem. Using volume mounts for /var/lib/docker with the --privileged flag is essential:
docker run --privileged -v docker-storage:/var/lib/docker docker:dindimage operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker
cannot open '/etc/passwd': Permission denied
How to fix 'cannot open: Permission denied' in Docker
Error response from daemon: failed to create the ipvlan port
How to fix 'failed to create the ipvlan port' in Docker
toomanyrequests: Rate exceeded for anonymous users
How to fix 'Rate exceeded for anonymous users' in Docker Hub