app_containers: Move to using CONTAINER_BIND_MOUNTS for extra binds
...instead of the overly generic SYSTEMD_NSPAWN_EXTRA_ARGS variable.
parent
19f37e343b
commit
edcfaef386
|
@ -73,7 +73,7 @@ bind_opts=""
|
|||
user_on_host=$run_as
|
||||
if [ "$CONTAINER_USE_USERNS" = true ]; then
|
||||
private_users=$(shuf -i 65536-$((2147483647 - 65536)) -n1) # Pick a random starting offset
|
||||
bind_opts="idmap" # Note: custom mounts specified by the user are expected to incldue the idmap option as well
|
||||
bind_opts="idmap"
|
||||
user_on_host=$((private_users + run_as))
|
||||
fi
|
||||
|
||||
|
@ -90,6 +90,12 @@ for input in $(find /dev/input -type c); do
|
|||
sudo -A setfacl -m u:$user_on_host:rw- $input
|
||||
done
|
||||
|
||||
# Bind-mounts defined by the user (possibly in the container-specific config file)
|
||||
# Format should be "src:target". target cannot be omitted
|
||||
for mount in ${CONTAINER_BIND_MOUNTS[@]}; do
|
||||
SYSTEMD_NSPAWN_EXTRA_ARGS+=" --bind=$mount:$bind_opts"
|
||||
done
|
||||
|
||||
sudo -A systemd-nspawn -M $CONTAINER_NAME \
|
||||
--private-users=$private_users --private-users-ownership=map \
|
||||
`# DNS (when containers do not have their own netns)` \
|
||||
|
|