From d5543eeb1b467ac8011df370622cf85120fed7e4 Mon Sep 17 00:00:00 2001
From: Peter Cai
Date: Thu, 16 May 2024 18:12:52 -0400
Subject: [PATCH] Add support for per-app extra bind mounts

---
 config-default.sh | 8 ++++++++
 dobu-run.sh | 9 +++++++++
 2 files changed, 17 insertions(+)

diff --git a/config-default.sh b/config-default.sh
index a1094fc..cdd213e 100644
--- a/config-default.sh
+++ b/config-default.sh
@@ -19,3 +19,11 @@ DEV_INPUT_APP_ALLOWLIST=()
 # Array of app containers that are granted direct Wayland / X11 access
 # apps not in this list will be graphically isolated using Sommelier
 DISPLAY_SERVER_APP_ALLOWLIST=()
+
+# Extra bind mounts per app container, one per line in the following format:
+# /path/on/host:/path/in/container
+# Since the default username is `user` inside all packaged containers, you could
+# assume `/home/user` is the home directory inside those containers.
+# Note that any `-` in appname should be replaced with `_`
+# Also note that the app name does not include the `app-` prefix.
+#EXTRA_BIND_MOUNTS_appname=()
diff --git a/dobu-run.sh b/dobu-run.sh
index 0db2bfc..f87e4c0 100755
--- a/dobu-run.sh
+++ b/dobu-run.sh
@@ -99,6 +99,15 @@ if is_in_array "$1" "${DEV_INPUT_APP_ALLOWLIST[@]}"; then
 fi
 fi
 
+# Extra bind mounts
+bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
+if [[ "$(declare -p ${bind_mount_var_name})" =~ "declare -a" ]]; then
+ bind_mount_var="${bind_mount_var_name}[@]"
+ for mount in "${!bind_mount_var}"; do
+ extra_args="$extra_args -v $mount"
+ done
+fi
+
 # The fun part: start the container!
 # Don't detach like we did with Sommelier, though
 podman run --rm "${podman_security_args[@]}" --name "$container_name" \
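Review bot: The new comment block in config-default.sh documents the `host:container` format but not what access a mount grants. Judging by the `-v $mount` use in dobu-run.sh, entries are handed to podman unchanged, so each mount is read-write unless an option such as `:ro` is appended. I would add a line such as `# Mounts are read-write unless you append :ro; each entry exposes that host path to the app, so list only what it needs.` It is also worth stating that paths containing whitespace are not supported as long as the entries are joined into a plain string.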
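Review bot: The `declare -p ${bind_mount_var_name}` probe in the new `if` is unquoted and unfiltered. For every app without an `EXTRA_BIND_MOUNTS_*` array it prints a "not found" error to stderr, and unless `$1` is validated earlier in the script (not visible in this hunk), an app name with characters other than `-` that are invalid in an identifier reaches `declare` and the `${!bind_mount_var}` indirect expansion as-is. Checking the name and silencing the probe covers both: `if [[ "$bind_mount_var_name" =~ ^[A-Za-z0-9_]+$ && "$(declare -p "$bind_mount_var_name" 2>/dev/null)" == "declare -a"* ]]; then`. Separately, `extra_args="$extra_args -v $mount"` relies on word splitting wherever `extra_args` is later expanded (outside this hunk), so a host path containing whitespace is split into separate podman arguments. Appending `-v` and `"$mount"` to an array, as is already done for `podman_security_args`, would keep each mount as a single argument.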