diff options
| author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2017-04-03 09:57:55 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2017-04-03 10:09:14 +0000 |
| commit | 622fe63eb37f957ee5c29684e24f1d2d636fd086 (patch) | |
| tree | a676a1cd790b291222041918fad77bd59f381a16 /lib/container/start | |
| parent | Allowing multiple container commands to be executed in a row. (diff) | |
| download | compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.tar.xz compute-tools-622fe63eb37f957ee5c29684e24f1d2d636fd086.zip | |
Adding support for bind-ro nspawn option for read-only bind mounts.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
| -rwxr-xr-x | lib/container/start | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/container/start b/lib/container/start index 0009fd0..014e859 100755 --- a/lib/container/start +++ b/lib/container/start @@ -221,6 +221,27 @@ then done fi + BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BIND_RO}" ] + then + BINDS_RO="$(echo ${BIND_RO} | sed -e 's|;| |g')" + + for BIND_RO in ${BINDS_RO} + do + DIRECTORY="$(echo ${BIND_RO} | awk -F: '{ print $1 }')" + + mkdir -p "${DIRECTORY}" + done + + BIND_RO="" + + for DIRECTORIES in ${BINDS_RO} + do + BIND_RO="${BIND_RO} --bind ${DIRECTORIES}" + done + fi + BOOT="$(awk -F= '/^boot=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo yes)" case "${BOOT}" in @@ -437,7 +458,7 @@ case "${START}" in *) # Run - ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} + ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} # Post hooks for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" |