Add support for per-app extra bind mounts
parent
881a755ba4
commit
d5543eeb1b
|
@ -19,3 +19,11 @@ DEV_INPUT_APP_ALLOWLIST=()
|
||||||
# Array of app containers that are granted direct Wayland / X11 access
|
# Array of app containers that are granted direct Wayland / X11 access
|
||||||
# apps not in this list will be graphically isolated using Sommelier
|
# apps not in this list will be graphically isolated using Sommelier
|
||||||
DISPLAY_SERVER_APP_ALLOWLIST=()
|
DISPLAY_SERVER_APP_ALLOWLIST=()
|
||||||
|
|
||||||
|
# Extra bind mounts per app container, one per line in the following format:
|
||||||
|
# /path/on/host:/path/in/container
|
||||||
|
# Since the default username is `user` inside all packaged containers, you could
|
||||||
|
# assume `/home/user` is the home directory inside those containers.
|
||||||
|
# Note that any `-` in appname should be replaced with `_`
|
||||||
|
# Also note that the app name does not include the `app-` prefix.
|
||||||
|
#EXTRA_BIND_MOUNTS_appname=()
|
||||||
|
|
|
@ -99,6 +99,15 @@ if is_in_array "$1" "${DEV_INPUT_APP_ALLOWLIST[@]}"; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Extra bind mounts
|
||||||
|
bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
|
||||||
|
if [[ "$(declare -p ${bind_mount_var_name})" =~ "declare -a" ]]; then
|
||||||
|
bind_mount_var="${bind_mount_var_name}[@]"
|
||||||
|
for mount in "${!bind_mount_var}"; do
|
||||||
|
extra_args="$extra_args -v $mount"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
# The fun part: start the container!
|
# The fun part: start the container!
|
||||||
# Don't detach like we did with Sommelier, though
|
# Don't detach like we did with Sommelier, though
|
||||||
podman run --rm "${podman_security_args[@]}" --name "$container_name" \
|
podman run --rm "${podman_security_args[@]}" --name "$container_name" \
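Review bot: Each mount is appended to the `extra_args` string as `-v $mount`, so an entry containing whitespace is presumably split into separate podman arguments where `extra_args` is later expanded (that expansion, and the rest of the `podman run` command, lie outside the hunk). Collecting the mounts in an array, as `podman_security_args` already is, keeps every entry a single argument. `declare -p ${bind_mount_var_name}` is also unquoted and prints a "not found" error to stderr for every app that has no `EXTRA_BIND_MOUNTS_*` array, and only `-` is normalised in `$1`, so the derived name should be checked as a valid identifier before it is used for indirect expansion. Because these mounts expose host paths to an otherwise isolated container, the config comment in the first hunk should state that an entry is mounted read-write unless `:ro` is appended.

```shell
# Extra bind mounts
bind_mount_var_name="EXTRA_BIND_MOUNTS_${1//-/_}"
extra_mount_args=()
if [[ "$bind_mount_var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] &&
   [[ "$(declare -p "$bind_mount_var_name" 2>/dev/null)" == "declare -a"* ]]; then
  bind_mount_var="${bind_mount_var_name}[@]"
  for mount in "${!bind_mount_var}"; do
    extra_mount_args+=(-v "$mount")
  done
fi
# … unchanged: comments before the container start …
podman run --rm "${podman_security_args[@]}" "${extra_mount_args[@]}" --name "$container_name" \
```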
|
||||||
|
|