Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-04-02 05:23:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

allow access to readonly volumes during sandboxed

Browse Source
This commit is contained in:
Aiden McClelland
2021-08-16 17:48:45 -06:00
committed by Aiden McClelland
parent 7dc53a4e85
commit 8b1daabb05
5 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
appmgr/src/action/docker.rs
View File

@@ -10,7 +10,7 @@ use serde_json::Value;
use crate::id::{Id, ImageId};
use crate::s9pk::manifest::{PackageId, SYSTEM_PACKAGE_ID};
use crate::util::{IoFormat, Version};
use crate::volume::{VolumeId, Volumes};
use crate::volume::{Volume, VolumeId, Volumes};
use crate::{Error, ResultExt, HOST_IP};
pub const NET_TLD: &'static str = "embassy";
@@ -110,12 +110,13 @@ impl DockerAction {
&self,
pkg_id: &PackageId,
pkg_version: &Version,
volumes: &Volumes,
input: Option<I>,
) -> Result<Result<O, (i32, String)>, Error> {
let mut cmd = tokio::process::Command::new("docker");
cmd.arg("run").arg("--rm").arg("--network=none");
cmd.args(
self.docker_args(pkg_id, pkg_version, &Volumes::default(), false)
self.docker_args(pkg_id, pkg_version, &volumes.to_readonly(), false)
.await,
);
let input_buf = if let (Some(input), Some(format)) = (&input, &self.io_format) {