From 1e05b691a5fc0a67c70a804b3b7076065a14c532 Mon Sep 17 00:00:00 2001
From: Dustin Black
Date: Tue, 7 May 2024 19:15:43 +0200
Subject: [PATCH 1/3] add host read-only option
---
 connector.go | 3 ++-
 internal/argsbuilder/argsbuilder.go | 8 ++++++++
 internal/argsbuilder/argsbuilder_interface.go | 1 +
 schema.go | 10 ++++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/connector.go b/connector.go
index a003d20..0bb9e58 100644
--- a/connector.go
+++ b/connector.go
@@ -48,7 +48,8 @@ func (c *Connector) Deploy(ctx context.Context, image string) (deployer.Plugin,
 SetVolumes(hostConfig.Binds).
 SetCgroupNs(string(hostConfig.CgroupnsMode)).
 SetNetworkMode(string(hostConfig.NetworkMode)).
- SetPrivileged(hostConfig.Privileged)
+ SetPrivileged(hostConfig.Privileged).
+ SetReadOnly(hostConfig.ReadOnly)
 stdin, stdout, err := c.podmanCliWrapper.Deploy(image, commandArgs, []string{"--atp"})
diff --git a/internal/argsbuilder/argsbuilder.go b/internal/argsbuilder/argsbuilder.go
index 05fa409..c0232df 100644
--- a/internal/argsbuilder/argsbuilder.go
+++ b/internal/argsbuilder/argsbuilder.go
@@ -1,6 +1,7 @@
 package argsbuilder
 import (
+ "strconv"
 "strings"
 )
@@ -53,3 +54,10 @@ func (a *argsBuilder) SetPrivileged(privileged bool) ArgsBuilder {
 }
 return a
 }
+
+func (a *argsBuilder) SetReadOnly(readOnly *bool) ArgsBuilder {
+ if readOnly != nil {
+ *a.commandArgs = append(*a.commandArgs, "--read-only=", strconv.FormatBool(*readOnly))
+ }
+ return a
+}
diff --git a/internal/argsbuilder/argsbuilder_interface.go b/internal/argsbuilder/argsbuilder_interface.go
index 3dcd54c..15d5f7e 100644
--- a/internal/argsbuilder/argsbuilder_interface.go
+++ b/internal/argsbuilder/argsbuilder_interface.go
@@ -7,6 +7,7 @@ type ArgsBuilder interface {
 SetContainerName(name string) ArgsBuilder
 SetNetworkMode(networkMode string) ArgsBuilder
 SetPrivileged(privileged bool) ArgsBuilder
+ SetReadOnly(readOnly *bool) ArgsBuilder
 }
 func NewBuilder(commandArgs *[]string) ArgsBuilder {
diff --git a/schema.go b/schema.go
index 11cd71c..83da1e9 100644
--- a/schema.go
+++ b/schema.go
@@ -340,6 +340,16 @@ var Schema = schema.NewTypedScopeSchema[*Config](
 schema.PointerTo(util.JSONEncode(false)),
 nil,
 ),
+ "ReadOnly": schema.NewPropertySchema(
+ schema.NewBoolSchema(),
+ schema.NewDisplayValue(schema.PointerTo("ReadOnly"), schema.PointerTo("Execute container process with or without a read only file system"), nil),
+ false,
+ nil,
+ nil,
+ nil,
+ schema.PointerTo(util.JSONEncode(false)),
+ nil,
+ ),
 },
 ),
 schema.NewStructMappedObjectSchema[*nat.PortBinding](
From cac6b0bca76978fcbdf680f9717b43acd14e4fd8 Mon Sep 17 00:00:00 2001
From: Dustin Black
Date: Tue, 7 May 2024 19:55:46 +0200
Subject: [PATCH 2/3] WIP add read-only root parameter
---
 connector.go | 2 +-
 internal/argsbuilder/argsbuilder.go | 6 +++---
 internal/argsbuilder/argsbuilder_interface.go | 2 +-
 schema.go | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/connector.go b/connector.go
index 0bb9e58..904f964 100644
--- a/connector.go
+++ b/connector.go
@@ -49,7 +49,7 @@ func (c *Connector) Deploy(ctx context.Context, image string) (deployer.Plugin,
 SetCgroupNs(string(hostConfig.CgroupnsMode)).
 SetNetworkMode(string(hostConfig.NetworkMode)).
 SetPrivileged(hostConfig.Privileged).
- SetReadOnly(hostConfig.ReadOnly)
+ SetReadOnlyRoot(&hostConfig.ReadonlyRootfs)
 stdin, stdout, err := c.podmanCliWrapper.Deploy(image, commandArgs, []string{"--atp"})
diff --git a/internal/argsbuilder/argsbuilder.go b/internal/argsbuilder/argsbuilder.go
index c0232df..3cc2dd6 100644
--- a/internal/argsbuilder/argsbuilder.go
+++ b/internal/argsbuilder/argsbuilder.go
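Review bot: `SetReadOnlyRoot(&hostConfig.ReadonlyRootfs)` takes the address of a plain bool field, so the pointer can never be nil and the `readOnlyRootfs != nil` guard in this patch's argsbuilder.go hunk is dead code; every deployment now gets an explicit `--read-only=false` unless the option is set, which would also override a stricter default should the podman installation ever configure one. The field names on hostConfig (Binds, CgroupnsMode, Privileged, ReadonlyRootfs) suggest the Docker API HostConfig, whose ReadonlyRootfs is a non-pointer bool, so the unset/true/false tri-state the `*bool` parameter was meant to carry is not actually available from this caller. The consistent shape is the one `SetPrivileged(privileged bool)` already has: take a `bool` and emit the flag only when it is true — `SetReadOnlyRoot(hostConfig.ReadonlyRootfs)` here, `func (a *argsBuilder) SetReadOnlyRoot(readOnlyRootfs bool) ArgsBuilder` with `if readOnlyRootfs { *a.commandArgs = append(*a.commandArgs, "--read-only") }` in argsbuilder.go, and the matching signature in argsbuilder_interface.go. Deploy's body starts before this hunk and continues after it.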
@@ -55,9 +55,9 @@ func (a *argsBuilder) SetPrivileged(privileged bool) ArgsBuilder {
 return a
 }
-func (a *argsBuilder) SetReadOnly(readOnly *bool) ArgsBuilder {
- if readOnly != nil {
- *a.commandArgs = append(*a.commandArgs, "--read-only=", strconv.FormatBool(*readOnly))
+func (a *argsBuilder) SetReadOnlyRoot(readOnlyRootfs *bool) ArgsBuilder {
+ if readOnlyRootfs != nil {
+ *a.commandArgs = append(*a.commandArgs, "--read-only="+strconv.FormatBool(*readOnlyRootfs))
 }
 return a
 }
diff --git a/internal/argsbuilder/argsbuilder_interface.go b/internal/argsbuilder/argsbuilder_interface.go
index 15d5f7e..99d7bd7 100644
--- a/internal/argsbuilder/argsbuilder_interface.go
+++ b/internal/argsbuilder/argsbuilder_interface.go
@@ -7,7 +7,7 @@ type ArgsBuilder interface {
 SetContainerName(name string) ArgsBuilder
 SetNetworkMode(networkMode string) ArgsBuilder
 SetPrivileged(privileged bool) ArgsBuilder
- SetReadOnly(readOnly *bool) ArgsBuilder
+ SetReadOnlyRoot(readOnlyRootfs *bool) ArgsBuilder
 }
 func NewBuilder(commandArgs *[]string) ArgsBuilder {
diff --git a/schema.go b/schema.go
index 83da1e9..afb7a4d 100644
--- a/schema.go
+++ b/schema.go
@@ -340,10 +340,10 @@ var Schema = schema.NewTypedScopeSchema[*Config](
 schema.PointerTo(util.JSONEncode(false)),
 nil,
 ),
- "ReadOnly": schema.NewPropertySchema(
+ "ReadonlyRootfs": schema.NewPropertySchema(
 schema.NewBoolSchema(),
- schema.NewDisplayValue(schema.PointerTo("ReadOnly"), schema.PointerTo("Execute container process with or without a read only file system"), nil),
- false,
+ schema.NewDisplayValue(schema.PointerTo("ReadonlyRootfs"), schema.PointerTo("Execute container process with or without a read only root file system"), nil),
+ nil,
 nil,
 nil,
 nil,
From 9a2e696ab53d66a1c7ecf46c3bc6cc3b108b55d4 Mon Sep 17 00:00:00 2001
From: Dustin Black
Date: Wed, 8 May 2024 11:47:30 +0200
Subject: [PATCH 3/3] correct required and default
---
 schema.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/schema.go b/schema.go
index afb7a4d..78300e9 100644
--- a/schema.go
+++ b/schema.go
@@ -343,11 +343,11 @@ var Schema = schema.NewTypedScopeSchema[*Config](
 "ReadonlyRootfs": schema.NewPropertySchema(
 schema.NewBoolSchema(),
 schema.NewDisplayValue(schema.PointerTo("ReadonlyRootfs"), schema.PointerTo("Execute container process with or without a read only root file system"), nil),
+ false,
 nil,
 nil,
 nil,
 nil,
- schema.PointerTo(util.JSONEncode(false)),
 nil,
 ),
 },
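Review bot: With the default value removed, the schema no longer tells consumers what an omitted `ReadonlyRootfs` means; the bool field's zero value leaves the root file system writable, and the display description `Execute container process with or without a read only root file system` does not say so. Because a read-only root is a hardening control, the description should state the default and its consequence, e.g. `Run the container with a read-only root file system. Defaults to false (writable root); when enabled, locations the workload writes to must be provided as volumes or tmpfs mounts.`. The enclosing Schema declaration starts before this hunk and continues after it.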