app_containers: Move to using CONTAINER_BIND_MOUNTS for extra binds

...instead of the overly generic SYSTEMD_NSPAWN_EXTRA_ARGS variable.
Peter Cai 2022-12-31 15:26:51 -05:00
parent 19f37e343b
commit edcfaef386


@ -73,7 +73,7 @@ bind_opts=""
user_on_host=$run_as
if [ "$CONTAINER_USE_USERNS" = true ]; then
private_users=$(shuf -i 65536-$((2147483647 - 65536)) -n1) # Pick a random starting offset
bind_opts="idmap" # Note: custom mounts specified by the user are expected to incldue the idmap option as well
bind_opts="idmap"
user_on_host=$((private_users + run_as))
fi
@ -90,6 +90,12 @@ for input in $(find /dev/input -type c); do
sudo -A setfacl -m u:$user_on_host:rw- $input
done
# Bind-mounts defined by the user (possibly in the container-specific config file)
# Format should be "src:target". target cannot be omitted
for mount in ${CONTAINER_BIND_MOUNTS[@]}; do
SYSTEMD_NSPAWN_EXTRA_ARGS+=" --bind=$mount:$bind_opts"
done
sudo -A systemd-nspawn -M $CONTAINER_NAME \
--private-users=$private_users --private-users-ownership=map \
`# DNS (when containers do not have their own netns)` \
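Review bot: The new loop `for mount in ${CONTAINER_BIND_MOUNTS[@]}; do` expands the array unquoted, so an entry whose path contains whitespace or glob characters is word-split or globbed before it ever reaches `--bind=`; quote it as `for mount in "${CONTAINER_BIND_MOUNTS[@]}"; do` (whether the string-concatenated SYSTEMD_NSPAWN_EXTRA_ARGS survives such paths when it is expanded later depends on code outside this hunk). When CONTAINER_USE_USERNS is not `true`, `bind_opts` keeps the empty default shown in the hunk header (`bind_opts=""`), so every entry becomes `--bind=src:target:` with a trailing empty options field; unless you have confirmed systemd-nspawn tolerates that, build it as `SYSTEMD_NSPAWN_EXTRA_ARGS+=" --bind=$mount${bind_opts:+:$bind_opts}"`. The comment this commit removes told users to put `idmap` on their own mounts, so an existing config entry that still carries `:idmap` now expands to `src:target:idmap:idmap`; the comment above the loop should state that explicitly, e.g. `# Format is "src:target" only — mount options (idmap under userns) are appended here, do not add them yourself`.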