Adding support for bind-ro nspawn option for read-only bind mounts.

Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
author: Daniel Baumann <daniel.baumann@open-infrastructure.net> 2017-04-03 09:57:55 +0000
committer: Daniel Baumann <daniel.baumann@open-infrastructure.net> 2017-04-03 10:09:14 +0000
commit: 622fe63eb37f957ee5c29684e24f1d2d636fd086 (patch)
tree: a676a1cd790b291222041918fad77bd59f381a16 /lib/container/create
parent: Allowing multiple container commands to be executed in a row. (diff)
download: compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.tar.xz
compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.zip
1 files changed, 21 insertions, 3 deletions
diff --git a/lib/container/create b/lib/container/create
index 54cbb1d..b4fc5e9 100755
--- a/lib/container/create
+++ b/lib/container/create
@@ -27,7 +27,7 @@ SCRIPTS="/usr/share/container-tools/scripts"
 
 Parameters ()
 {
-	GETOPT_LONGOPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,capability:,drop-capability:script:,"
+	GETOPT_LONGOPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,bind-ro:,capability:,drop-capability:script:,"
 	GETOPT_OPTIONS="n:,b:,c:,d:,s:,"
 
 	PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
@@ -63,6 +63,11 @@ Parameters ()
 				shift 2
 				;;
 
+			--bind-ro)
+				BIND_RO="${2}"
+				shift 2
+				;;
+
 			-c|--capability)
 				CAPABILITY="${2}"
 				shift 2
@@ -93,7 +98,7 @@ Parameters ()
 
 Usage ()
 {
-	echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
+	echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
 	exit 1
 }
 
@@ -151,7 +156,7 @@ do
 	fi
 done
 
-# Creating bind mounts
+# Creating rw bind mounts
 if [ -n "${BIND}" ]
 then
 	BINDS="$(echo ${BIND} | sed -e 's|;| |g')"
@@ -164,6 +169,19 @@ then
 	done
 fi
 
+# Creating ro bind mounts
+if [ -n "${BIND_RO}" ]
+then
+	BINDS="$(echo ${BIND_RO} | sed -e 's|;| |g')"
+
+	for BIND_RO in ${BINDS_RO}
+	do
+		DIRECTORY="$(echo ${BIND_RO} | awk -F: '{ print $1 }')"
+
+		mkdir -p "${DIRECTORY}"
+	done
+fi
+
 # Creating overlay mounts
 if [ -n "${CNT_OVERLAY}" ]
 then
author	Daniel Baumann <daniel.baumann@open-infrastructure.net>	2017-04-03 09:57:55 +0000
committer	Daniel Baumann <daniel.baumann@open-infrastructure.net>	2017-04-03 10:09:14 +0000
commit	622fe63eb37f957ee5c29684e24f1d2d636fd086 (patch)
tree	a676a1cd790b291222041918fad77bd59f381a16 /lib/container/create
parent	Allowing multiple container commands to be executed in a row. (diff)
download	compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.tar.xz compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.zip