Add support for per-app extra bind mounts

Peter Cai 2024-05-16 18:12:52 -04:00
parent 881a755ba4
commit d5543eeb1b
2 changed files with 17 additions and 0 deletions


@ -19,3 +19,11 @@ DEV_INPUT_APP_ALLOWLIST=()
# Array of app containers that are granted direct Wayland / X11 access
# apps not in this list will be graphically isolated using Sommelier
DISPLAY_SERVER_APP_ALLOWLIST=()
# Extra bind mounts per app container, one per line in the following format:
# /path/on/host:/path/in/container
# Since the default username is `user` inside all packaged containers, you could
# assume `/home/user` is the home directory inside those containers.
# Note that any `-` in appname should be replaced with `_`
# Also note that the app name does not include the `app-` prefix.
#EXTRA_BIND_MOUNTS_appname=()
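Review bot: The documented format `/path/on/host:/path/in/container` does not mention that each entry is handed to podman's `-v` unchanged, so the host path is mounted read-write by default into a container that is otherwise isolated. I would add a line such as `# Entries are passed to podman -v as-is; append :ro (/path/on/host:/path/in/container:ro) unless the app must write to the host path.` It may also be worth stating that the variable has to be a bash array, because the launcher hunk on this page only accepts names that `declare -p` reports as `declare -a`.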


@ -99,6 +99,15 @@ if is_in_array "$1" "${DEV_INPUT_APP_ALLOWLIST[@]}"; then
fi
fi
# Extra bind mounts
bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
if [[ "$(declare -p ${bind_mount_var_name})" =~ "declare -a" ]]; then
bind_mount_var="${bind_mount_var_name}[@]"
for mount in "${!bind_mount_var}"; do
extra_args="$extra_args -v $mount"
done
fi
# The fun part: start the container!
# Don't detach like we did with Sommelier, though
podman run --rm "${podman_security_args[@]}" --name "$container_name" \
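Review bot: `declare -p ${bind_mount_var_name}` is unquoted and its stderr is not silenced, so every app without an `EXTRA_BIND_MOUNTS_*` array prints a `not found` error, and a `$1` containing anything other than letters, digits, `-` or `_` is word-split into the lookup and then reused for the indirect expansion. The quoted `=~ "declare -a"` is also a substring match anywhere in the output, not a check of the leading attribute. I would validate the name and anchor the test: `if [[ "$bind_mount_var_name" =~ ^[A-Za-z0-9_]+$ && "$(declare -p "$bind_mount_var_name" 2>/dev/null)" == "declare -a"* ]]; then`. Separately, `extra_args="$extra_args -v $mount"` builds a flat string, so if it is later expanded unquoted (not visible here) a path containing whitespace splits into additional podman arguments; appending `-v` and `"$mount"` to an array, as is done for `podman_security_args`, would avoid that. The enclosing `if` blocks and the `podman run` command start or continue outside this hunk.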