Add support for per-app extra bind mounts
parent
881a755ba4
commit
d5543eeb1b
2 changed files with 17 additions and 0 deletions
|
@ -19,3 +19,11 @@ DEV_INPUT_APP_ALLOWLIST=()
|
|||
# Array of app containers that are granted direct Wayland / X11 access
|
||||
# apps not in this list will be graphically isolated using Sommelier
|
||||
DISPLAY_SERVER_APP_ALLOWLIST=()
|
||||
|
||||
# Extra bind mounts per app container, one per line in the following format:
|
||||
# /path/on/host:/path/in/container
|
||||
# Since the default username is `user` inside all packaged containers, you could
|
||||
# assume `/home/user` is the home directory inside those containers.
|
||||
# Note that any `-` in appname should be replaced with `_`
|
||||
# Also note that the app name does not include the `app-` prefix.
|
||||
#EXTRA_BIND_MOUNTS_appname=()
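Review bot: The format comment documents only `/path/on/host:/path/in/container`, which gives the container read-write access to the host path. Each entry appears to be handed verbatim to `podman run -v` by the launcher hunk, so an options suffix should work and is worth documenting, e.g. `# /path/on/host:/path/in/container[:ro]`, with read-only recommended where the app only needs to read. "One per line" is also loose wording for a bash array; `# one quoted array element per mount` would steer users toward quoting. I would add `# Every path listed here is shared with the container and weakens its isolation; list only what the app needs.`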
|
||||
|
|
|
@ -99,6 +99,15 @@ if is_in_array "$1" "${DEV_INPUT_APP_ALLOWLIST[@]}"; then
|
|||
fi
|
||||
fi
|
||||
|
||||
# Extra bind mounts
|
||||
bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
|
||||
if [[ "$(declare -p ${bind_mount_var_name})" =~ "declare -a" ]]; then
|
||||
bind_mount_var="${bind_mount_var_name}[@]"
|
||||
for mount in "${!bind_mount_var}"; do
|
||||
extra_args="$extra_args -v $mount"
|
||||
done
|
||||
fi
|
||||
|
||||
# The fun part: start the container!
|
||||
# Don't detach like we did with Sommelier, though
|
||||
podman run --rm "${podman_security_args[@]}" --name "$container_name" \
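Review bot: The app name in `$1` reaches `declare -p` and the indirect expansion `${!bind_mount_var}` with only `-` replaced, and `${bind_mount_var_name}` is unquoted inside the command substitution, so a name that is not a valid identifier is still passed to both. When no array is configured for the app, `declare -p` also prints a "not found" error on every launch, and the quoted `=~ "declare -a"` is a substring match that a scalar whose value contains that text would satisfy. Inside the loop, `extra_args="$extra_args -v $mount"` builds a flat string, so if `$extra_args` is later expanded unquoted (the `podman run` line continues outside the hunk) an entry containing whitespace would split into additional podman arguments. The version below validates the name first, quotes and silences the lookup, anchors the type check at the start of the output, and skips entries with whitespace.

```shell
# Extra bind mounts
# Only look up names that map onto a valid variable identifier.
if [[ "$1" =~ ^[A-Za-z0-9_-]+$ ]]; then
    bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
    # Prefix match: accept indexed arrays only; stay silent when the variable is unset.
    if [[ "$(declare -p "$bind_mount_var_name" 2>/dev/null)" == "declare -a"* ]]; then
        # … unchanged: bind_mount_var assignment …
        for mount in "${!bind_mount_var}"; do
            # extra_args is a flat string, so an entry with whitespace cannot be passed as one argument.
            if [[ "$mount" =~ [[:space:]] ]]; then
                echo "Ignoring bind mount containing whitespace: $mount" >&2
                continue
            fi
            extra_args="$extra_args -v $mount"
        done
    fi
fi
```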
|
||||
|
|