commit 34a2c37284c8d0a9acbfb8f7ea481cd5185480a3
parent f8fb5b1688504334c7f775353ea0a66ab5d8b0b8
Author: Jan Pobříslo <ccx@te2000.cz>
Date: Sun, 20 Feb 2022 11:54:18 +0000
Bind-mount /mnt to tmpfs, use CONTAINER_MNT_DIRS to precreate directories there.
Diffstat:
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/service_scripts/generic/run b/service_scripts/generic/run
@@ -12,6 +12,7 @@ multisubstitute {
define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
# define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
define -s tmpfs_dirs "home run tmp inbox run/inbox tmp/.X11-unix"
+ importas -D ns -sCn CONTAINER_MNT_DIRS
}
getpid NS_PID
@@ -24,7 +25,7 @@ foreground {
}
if { rm -rf ${CONTAINER_TMPFS} }
-if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }
if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
if { mount -a --fstab data/fstab }
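Review bot: The directories added under `${CONTAINER_TMPFS}/mnt/` get whatever mode the service's umask yields, because the `chmod 1770` and `chown` lines that follow still list only `${tmpfs_dirs}`. This tree is later bind-mounted into the container, so an explicit mode would make the result independent of the supervisor's environment. For example, add `if { chmod 0755 ${CONTAINER_TMPFS}/mnt ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }` after the mkdir, matching the 0755 that the layout check previously required for mnt/ns. A short comment saying that these directories deliberately stay root-owned, if that is the intent, would also help the next reader.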
diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init
@@ -235,9 +235,10 @@ confz_container_service_sysroot_check() {
confz_container_service_generic_check() {
local uid gid container_user_dir svc_dir container
- local -a fstab
+ local -a fstab mnt_dirs
checkvars containers_dir svscan_dir image_name user
defvar fstab_extra ''
+ defvar mnt_dirs_extra 'ns'
defvar container_name "$vars[image_name]"
container=$vars[container_name]
@@ -269,12 +270,15 @@ confz_container_service_generic_check() {
require fs_l filename=$vars[containers_dir]/home/$vars[user]/$container \
destination=../../user/$vars[user]/$container/home/$vars[user]
+ mnt_dirs=( ns $=mnt_dirs_extra )
+
fstab=(
$vars[containers_dir]/systems/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0'
$container_user_dir/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0'
/run/containers/$container.$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0'
/run/containers/$container.$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0'
/run/containers/$container.$vars[user]/inbox$'\t'$container_user_dir/root/.inbox$'\tnone\tbind,ro,nosuid,nodev\t0 0'
+ /run/containers/$container.$vars[user]/mnt$'\t'$container_user_dir/root/mnt$'\tnone\tbind,ro,nosuid,nodev\t0 0'
"${(f@)vars[fstab_extra]}"
)
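Review bot: `mnt_dirs=( ns $=mnt_dirs_extra )` reads a plain shell parameter, while the other defvar'd settings in this function are read through the `vars` array (`$vars[container_name]`, `vars[fstab_extra]`), so the configured extra directories are probably never picked up. If defvar stores into `vars`, as those reads suggest, the line should be `mnt_dirs=( ns ${=vars[mnt_dirs_extra]} )`. The default of `'ns'` given to mnt_dirs_extra in the earlier hunk would then duplicate the hard-coded `ns`; an empty default, as used for fstab_extra, avoids writing `ns ns`. The function body starts and ends outside this hunk.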
@@ -288,6 +292,8 @@ confz_container_service_generic_check() {
content=$vars[user]
require fs_contentnl filename=$svc_dir/env/CONTAINER_NAME \
content=$container
+ require fs_contentnl filename=$svc_dir/env/CONTAINER_MNT_DIRS \
+ content="$mnt_dirs"
}
confz_container_service_alsa_check() {
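Review bot: The entries written to env/CONTAINER_MNT_DIRS are not checked here, yet the run script in this commit splices each one into `mkdir -p ${CONTAINER_TMPFS}/mnt/...`. An entry with a `..` component would therefore create directories outside the container's tmpfs tree. A loop over `$mnt_dirs` before the `require fs_contentnl` could fail the check when an entry is empty or contains `..`, which keeps a configuration mistake from reaching that mkdir. How this function reports a failed check is not visible in the hunk, so the exact form is left to the surrounding conventions. Writing `content="${(j: :)mnt_dirs}"` would also make the space-joined format explicit rather than dependent on IFS.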
@@ -464,9 +470,9 @@ confz_container_generic_layout_check() {
require fs_m filename="$vars[root]/mnt" mode=0755
require fs_o filename="$vars[root]/mnt" owner=$vars[uid]:$vars[gid]
- require fs_d filename="$vars[root]/mnt/ns"
- require fs_m filename="$vars[root]/mnt/ns" mode=0755
- require fs_o filename="$vars[root]/mnt/ns" owner=$vars[uid]:$vars[gid]
+ # require fs_d filename="$vars[root]/mnt/ns"
+ # require fs_m filename="$vars[root]/mnt/ns" mode=0755
+ # require fs_o filename="$vars[root]/mnt/ns" owner=$vars[uid]:$vars[gid]
require fs_d filename="$vars[root]/run"
require fs_m filename="$vars[root]/run" mode=0755
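Review bot: The three mnt/ns requirements are left as commented-out code with no explanation of why they no longer apply. Deleting them and leaving one comment would read better, e.g. `# mnt/ns is created on the tmpfs by service_scripts/generic/run (see CONTAINER_MNT_DIRS)`. The function body starts and ends outside this hunk.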