diff options
author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2016-03-12 06:32:19 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2016-03-31 14:30:16 +0000 |
commit | 39fd32080205aebe8a59936b9b6a76ae04b6f047 (patch) | |
tree | 5edd37d3ff17f577f58f7b1eb5aacc0393f45ce6 /lib/container/start | |
parent | Adding container limit command. (diff) | |
download | compute-tools-39fd32080205aebe8a59936b9b6a76ae04b6f047.tar.xz compute-tools-39fd32080205aebe8a59936b9b6a76ae04b6f047.zip |
Adding capability and drop-capability config option.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-x | lib/container/start | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/container/start b/lib/container/start index dc84f94..0588db5 100755 --- a/lib/container/start +++ b/lib/container/start @@ -156,9 +156,33 @@ then ;; esac + CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + case "${CAPABILITY}" in + "") + CAPABILITY="" + ;; + + *) + CAPABILITY="--capability=${CAPABILITY}" + ;; + esac + DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})" DIRECTORY="--directory ${DIRECTORY}" + DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + case "${DROP_CAPABILITY}" in + "") + DROP_CAPABILITY="" + ;; + + *) + DROP_CAPABILITY="--drop-capability=${DROP_CAPABILITY}" + ;; + esac + MACHINE="--machine=${NAME}" NETWORK_BRIDGE="$(awk -F= '/^network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)" @@ -211,4 +235,4 @@ then fi # Run -${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${DIRECTORY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} +${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} |