---
layout: docs
page_title: volume_mount Block - Job Specification
description: |-
  The "volume_mount" block allows the task to specify where a group "volume"
  should be mounted.
---

# `volume_mount` Block

<Placement groups={['job', 'group', 'task', 'volume_mount']} />

The `volume_mount` block allows the task to specify how a group
[`volume`][volume] should be mounted into the task.

```hcl
job "docs" {
  group "example" {
    volume "certs" {
      type = "host"
      read_only = true
      source = "ca-certificates"
    }

    task "example" {
      volume_mount {
        volume      = "certs"
        destination = "/etc/ssl/certs"
        propagation_mode = "private"
      }
    }
  }
}
```

The Nomad client will make the volumes available to tasks according to this
configuration, and it will fail the allocation if the client configuration
updates to remove a volume that it depends on.

## `volume_mount` Parameters

- `volume` `(string: "")` - Specifies the group volume that the mount is going
  to access.

- `destination` `(string: "")` - Specifies where the volume should be mounted
  inside the task's allocation.

- `read_only` `(bool: false)` - When a group volume is writeable, you may
  specify that it is `read_only` on a per mount level using the `read_only`
  option here.

- `propagation_mode` `(string: "private")` - Specifies the mount propagation
  mode for nested volumes. Possible values are:

    - `private` - the task is not allowed to access nested mounts.

    - `host-to-task` - allows new mounts that have been created outside of the
    task to be visible inside the task.

    - `bidirectional` - allows the task to both access new mounts from the host
    and also create new mounts. This mode requires `ReadWrite` permission.

    ~> **Warning:** `bidirectional` propagation mode can be dangerous to use
    and cause problems in the host operating system if a task creates a mount
    but does not clean it up properly before exiting.

- `selinux_label``(string: "")` - Specifies the SELinux label for the mount.
  This is only supported on Linux hosts and when supported by the task driver. Refer to the task driver documentation for more information. Possible 
  values are:

  - `Z` -  Specifies that the volume content is private and unshared between 
    containers.
  - `z` - Specifies that the volume content is shared among containers.

For examples of how to use [HCL2] interpolation for fine-grained control of
volumes, see [Volume Interpolation].

[volume]: /nomad/docs/job-specification/volume 'Nomad volume Job Specification'
[volume interpolation]: /nomad/docs/job-specification/volume#volume-interpolation
[hcl2]: /nomad/docs/job-specification/hcl2