Usage of DISM fails inside container due to missing device driver

Question

Usage of DISM fails inside container due to missing device driver

JensNordenbro opened this issue 2 months ago · 10 comments

Describe the bug
Running 'dism /mount-wim /wimfile:"winpe.wim" /mountdir:"c:\MOUNT_DIR" /index:1' inside a container such as mcr.microsoft.com/windows/server:ltsc2022 does not work regardless of isolation mode:

To Reproduce

Expected behavior
It should just work. DISM seems to need WimMount driver and the driver is present inside the Docker image:

However I cannot find it to be installed using 'sc query type=driver'.

Configuration:

Edition: Windows 11 container host
Base Image being used: mcr.microsoft.com/windows/server:ltsc2022 (all of them..)
Container engine: docker
Container Engine version: Docker version 25.0.2, build 29cf629

Additional context
We tried to mount the folder outside container and Docker volume mount it into the container however it does not work for us.

(It is ok if it only works in hyper-V mode as far as I am concerted. I can run in any mode. )
(Maybe there is some argument that can be used to share the HOST driver?)

Answer 1 · 2024-05-15T14:08:25.000Z

Also tried DISM from ADK-installation with the same result:

Answer 2 · 2024-05-20T22:22:28.000Z

@JensNordenbro Hi, I'll try to repro this Issue. In the meantime, can you explain what you're trying to do? If you're trying to mount a volume with files you'll have to do that when you start up the container, not while in it.

Answer 3 · 2024-05-22T21:15:51.000Z

Quick note: I'll be slow to respond this week because of Build but I'll repro it as soon as I can.

Answer 4 · 2024-05-24T07:00:59.000Z

Hi @ntrappe-msft !

I have also tried to mount the wim file outside the container (see text) and volume mount it but using this mount inside the container leads to crashes when doing further dism operations on that volume.

Inside the container, try to do something like "DISM.exe /image:"c:\mount" /Add-Driver /ForceUnsigned /DriverName:"C:\Drivers\1.inf" /DriverName:"C:\Drivers\2.inf" /DriverName:"C:\Drivers\3.inf"" or similar from https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/what-is-dism?view=windows-11

WE can survive not being able to mount a file as folder inside the container as long as the following DISM commands would work, inside the container. I do think it is a bit strange that this is not possible at least inside a Hyper-V backed container where the WM could host all drivers / services need for DISM.

Answer 5 · 2024-06-10T10:22:11.000Z

Any chance to try this out @ntrappe-msft ?

Answer 6 · 2024-06-11T18:21:35.000Z

@JensNordenbro Hi, sorry for the delay. My backlog is too long right now so I'm going to triage this to another engineer.

Answer 7 · 2024-06-11T21:05:21.000Z

Spoke to the other engineers today. What you're trying to do is currently not supported. You're probably encountering issues due to two things: (A) the container can only see a few drivers on the host, wimmount.sys is likely one it cannot and (B) the operation you're trying to do would need to install a driver in a container which isn't permitted.

It is possible to enable this scenario but we'd need more information about your use case. Could you explain what you're trying to do with winpe.wim and the impact of this blocker on your work?

Thanks!