From 622fe63eb37f957ee5c29684e24f1d2d636fd086 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 3 Apr 2017 11:57:55 +0200 Subject: Adding support for bind-ro nspawn option for read-only bind mounts. Signed-off-by: Daniel Baumann --- share/scripts/curl | 7 ++++++- share/scripts/debconf | 42 +++++++++++++++++++++++++++++++++++++++--- share/scripts/debootstrap | 7 ++++++- 3 files changed, 51 insertions(+), 5 deletions(-) (limited to 'share/scripts') diff --git a/share/scripts/curl b/share/scripts/curl index 67691e3..18d49c0 100755 --- a/share/scripts/curl +++ b/share/scripts/curl @@ -26,7 +26,7 @@ CACHE="/var/cache/container-tools/images" Parameters () { - GETOPT_LONGOPTIONS="bind:,script:,name:,clean,image:,server:,password:" + GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,clean,image:,server:,password:" GETOPT_OPTIONS="b:,s:,n:,p:" PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -47,6 +47,11 @@ Parameters () shift 2 ;; + --bind-ro) + # ignore + shift 2 + ;; + --cnt.auto) # ignore shift 2 diff --git a/share/scripts/debconf b/share/scripts/debconf index 6d0410a..df9241c 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -26,7 +26,7 @@ MACHINES="/var/lib/machines" Parameters () { - GETOPT_LONGOPTIONS="bind:,script:,name:,preseed-file:" + GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,preseed-file:" GETOPT_OPTIONS="b:,s:,n:,p:" PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -47,6 +47,11 @@ Parameters () shift 2 ;; + --bind-ro) + # ignore + shift 2 + ;; + --cnt.auto) # ignore shift 2 @@ -911,6 +916,7 @@ Commands () sed -i -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" "${CONFIG}/${NAME}.conf" sed -i -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" "${CONFIG}/${NAME}.conf" sed -i -e "s|^bind=.*|bind=${BIND}|" "${CONFIG}/${NAME}.conf" + sed -i -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|" "${CONFIG}/${NAME}.conf" sed -i -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" "${CONFIG}/${NAME}.conf" for NUMBER in $(seq 1 ${NETWORK_NUMBER}) @@ -1003,7 +1009,7 @@ Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" mkdir -p "${MACHINES}" cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" -# Mounting bind mounts +# Mounting rw bind mounts if [ -n "${BIND}" ] then BINDS="$(echo ${BIND} | sed -e 's|;| |g')" @@ -1020,6 +1026,23 @@ then done fi +# Mounting ro bind mounts +if [ -n "${BIND_RO}" ] +then + BINDS_RO="$(echo ${BIND_RO} | sed -e 's|;| |g')" + + for ENTRY in ${BINDS_RO} + do + SOURCE="$(echo ${ENTRY} | awk -F: '{ print $1 }')" + TARGET="$(echo ${ENTRY} | awk -F: '{ print $2 }')" + + mkdir -p "${SOURCE}" + mkdir -p "${MACHINES}/${NAME}/${TARGET}" + + mount -o rbind "${SOURCE}" "${MACHINES}/${NAME}/${TARGET}" + done +fi + # Mounting overlay mounts if [ -n "${CNT_OVERLAY}" ] then @@ -1069,7 +1092,20 @@ then done fi -# Unmounting bind mounts +# Unmounting ro bind mounts +if [ -n "${BIND_RO}" ] +then + BINDS_RO="$(echo ${BIND_RO} | sed -e 's|;| |g')" + + for ENTRY in ${BINDS_RO} + do + TARGET="$(echo ${ENTRY} | awk -F: '{ print $2 }')" + + umount "${MACHINES}/${NAME}/${TARGET}" + done +fi + +# Unmounting rw bind mounts if [ -n "${BIND}" ] then BINDS="$(echo ${BIND} | sed -e 's|;| |g')" diff --git a/share/scripts/debootstrap b/share/scripts/debootstrap index ecf167c..79a3193 100755 --- a/share/scripts/debootstrap +++ b/share/scripts/debootstrap @@ -25,7 +25,7 @@ MACHINES="/var/lib/machines" Parameters () { - GETOPT_LONGOPTIONS="bind:,script:,name:,architecture:,distribution:,mirror:,password:" + GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,architecture:,distribution:,mirror:,password:" GETOPT_OPTIONS="b:,s:,n:,a:,d:,m:,p:" PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -46,6 +46,11 @@ Parameters () shift 2 ;; + --bind-ro) + # ignore + shift 2 + ;; + --cnt.auto) # ignore shift 2 -- cgit v1.2.3