summaryrefslogtreecommitdiffstats
path: root/lib/container/start
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2016-03-12 06:32:19 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2016-03-31 14:30:16 +0000
commit39fd32080205aebe8a59936b9b6a76ae04b6f047 (patch)
tree5edd37d3ff17f577f58f7b1eb5aacc0393f45ce6 /lib/container/start
parentAdding container limit command. (diff)
downloadcompute-tools-39fd32080205aebe8a59936b9b6a76ae04b6f047.tar.xz
compute-tools-39fd32080205aebe8a59936b9b6a76ae04b6f047.zip
Adding capability and drop-capability config option.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-xlib/container/start26
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/container/start b/lib/container/start
index dc84f94..0588db5 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -156,9 +156,33 @@ then
;;
esac
+ CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${CAPABILITY}" in
+ "")
+ CAPABILITY=""
+ ;;
+
+ *)
+ CAPABILITY="--capability=${CAPABILITY}"
+ ;;
+ esac
+
DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})"
DIRECTORY="--directory ${DIRECTORY}"
+ DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${DROP_CAPABILITY}" in
+ "")
+ DROP_CAPABILITY=""
+ ;;
+
+ *)
+ DROP_CAPABILITY="--drop-capability=${DROP_CAPABILITY}"
+ ;;
+ esac
+
MACHINE="--machine=${NAME}"
NETWORK_BRIDGE="$(awk -F= '/^network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
@@ -211,4 +235,4 @@ then
fi
# Run
-${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${DIRECTORY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}
+${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}