authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2017-04-03 09:57:55 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2017-04-03 10:09:14 +0000
commit622fe63eb37f957ee5c29684e24f1d2d636fd086 (patch)
treea676a1cd790b291222041918fad77bd59f381a16 /lib/container/start
parentAllowing multiple container commands to be executed in a row. (diff)
Adding support for bind-ro nspawn option for read-only bind mounts.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-xlib/container/start23
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/container/start b/lib/container/start
index 0009fd0..014e859 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -221,6 +221,27 @@ then
done
fi
+ BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BIND_RO}" ]
+ then
+ BINDS_RO="$(echo ${BIND_RO} | sed -e 's|;| |g')"
+
+ for BIND_RO in ${BINDS_RO}
+ do
+ DIRECTORY="$(echo ${BIND_RO} | awk -F: '{ print $1 }')"
+
+ mkdir -p "${DIRECTORY}"
+ done
+
+ BIND_RO=""
+
+ for DIRECTORIES in ${BINDS_RO}
+ do
+ BIND_RO="${BIND_RO} --bind ${DIRECTORIES}"
+ done
+ fi
+
BOOT="$(awk -F= '/^boot=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo yes)"
case "${BOOT}" in
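Review bot: The second loop builds the option as `--bind ${DIRECTORIES}`, so every path listed under `bind-ro=` reaches systemd-nspawn as a read-write bind mount and the container can modify the host directory the administrator meant to protect. The line should read `BIND_RO="${BIND_RO} --bind-ro ${DIRECTORIES}"`. Separately, the first loop assigns `DIRECTORY`, which the systemd-nspawn line in the second hunk also expands; if nothing reassigns it in between (not visible here), the last bind source would end up on the command line, so a dedicated name such as `BIND_RO_DIRECTORY` would be safer. The `mkdir -p` there also silently creates a mistyped host path instead of reporting it, which deserves a comment or a check that the source already exists. The enclosing `then` block starts outside the hunk.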
@@ -437,7 +458,7 @@ case "${START}" in
*)
# Run
- ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
+ ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
# Post hooks
for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"