allow to specify read_only root FS in containers definition
Signed-off-by: Simon L <[email protected]>
szaimen committed May 31, 2023
1 parent 27d99ef commit cf1efa9
Showing 4 changed files with 18 additions and 0 deletions.
3 changes: 3 additions & 0 deletions php/containers-schema.json
Expand Up @@ -121,6 +121,9 @@
"minlength": 1
}
},
"read_only": {
"type": "boolean"
},
"volumes": {
"type": "array",
"items": {
7 changes: 7 additions & 0 deletions php/src/Container/Container.php
Expand Up @@ -30,6 +30,7 @@ class Container {
/** @var string[] */
private array $backupVolumes;
private array $nextcloudExecCommands;
private bool $readOnlyRootFs;
private DockerActionManager $dockerActionManager;

public function __construct(
Expand All @@ -50,6 +51,7 @@ public function __construct(
bool $apparmorUnconfined,
array $backupVolumes,
array $nextcloudExecCommands,
bool $readOnlyRootFs,
DockerActionManager $dockerActionManager
) {
$this->identifier = $identifier;
Expand All @@ -69,6 +71,7 @@ public function __construct(
$this->apparmorUnconfined = $apparmorUnconfined;
$this->backupVolumes = $backupVolumes;
$this->nextcloudExecCommands = $nextcloudExecCommands;
$this->readOnlyRootFs = $readOnlyRootFs;
$this->dockerActionManager = $dockerActionManager;
}

Expand All @@ -88,6 +91,10 @@ public function GetRestartPolicy() : string {
return $this->restartPolicy;
}

public function GetReadOnlySetting() : bool {
return $this->readOnlyRootFs;
}

public function GetShmSize() : int {
return $this->shmSize;
}
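Review bot: The getter added as `GetReadOnlySetting()` is named differently from the property and constructor parameter it exposes (`readOnlyRootFs`), and nothing on it says which setting it returns. I would rename it to `GetReadOnlyRootFs()`, or at least add a docblock such as `/** Whether the container's root filesystem is mounted read-only (Docker HostConfig.ReadonlyRootfs). */`. The new `bool $readOnlyRootFs` constructor parameter is positional and sits before `$dockerActionManager`, so any other `new Container(...)` call site outside this diff must be updated as well; only the one in ContainerDefinitionFetcher.php is visible here. The class and constructor bodies continue outside these hunks.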
6 changes: 6 additions & 0 deletions php/src/ContainerDefinitionFetcher.php
Expand Up @@ -254,6 +254,11 @@ private function GetDefinition(bool $latest): array
$nextcloudExecCommands = $entry['nextcloud_exec_commands'];
}

$readOnlyRootFs = false;
if (isset($entry['read_only'])) {
$readOnlyRootFs = $entry['read_only'];
}

$containers[] = new Container(
$entry['container_name'],
$displayName,
Expand All @@ -272,6 +277,7 @@ private function GetDefinition(bool $latest): array
$apparmorUnconfined,
$backupVolumes,
$nextcloudExecCommands,
$readOnlyRootFs,
$this->container->get(DockerActionManager::class)
);
}
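Review bot: `$entry['read_only']` is copied into `$readOnlyRootFs` without a type check and then passed to a `bool` constructor parameter. If the definition file is not validated against containers-schema.json before this point (not visible in the hunk), a string such as `"false"` would be coerced to `true` in non-strict mode, or raise a TypeError under strict_types. Since the flag controls a hardening setting, I would reject anything that is not a real boolean: `$readOnlyRootFs = $entry['read_only'] ?? false;` followed by `if (!is_bool($readOnlyRootFs)) { throw new \InvalidArgumentException('read_only must be a boolean'); }`. GetDefinition starts and ends outside the hunk.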
2 changes: 2 additions & 0 deletions php/src/Docker/DockerActionManager.php
Expand Up @@ -377,6 +377,8 @@ public function CreateContainer(Container $container) : void {
}

$requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();

$requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();

$exposedPorts = [];
if ($container->GetInternalPort() !== 'host') {
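Review bot: `ReadonlyRootfs` is set here with no comment on what a definition author has to provide alongside it. A container whose image writes outside its declared volumes (for example under /tmp or /run) will fail at runtime once `read_only` is true. The hunk shows no matching `HostConfig.Tmpfs` entry, and whether the rest of CreateContainer adds one is not visible. I would add a comment above the line, e.g. `// Read-only root FS: every path the container writes to must be a declared volume or a tmpfs mount`. CreateContainer starts and ends outside the hunk.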
