Volume bind mounts into LXC containers inherited private propagation
from the host source path, which prevented mounts made inside a
container (e.g. NAS mounts via postinit.sh) from propagating back to
the host. Dependent services bind-mounting the same volume from the
host side would never see these internal mounts.
Self-bind each host volume directory and mark it rshared so that
container-internal mounts propagate back to the host path. Mark
dependency mounts as rslave so they receive propagated mounts but
cannot propagate mounts back to the source service.
Because rshared propagation means mounts can survive container
teardown, add defense-in-depth to uninstall cleanup: unmount any
remaining mounts under the package volume path, then refuse to
delete if any persist, preventing remove_dir_all from traversing
into a live NFS/NAS mount and destroying data.
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* fix --arch flag to fall back to emulation when native image unavailable, always infer hardware requirement for arch
* better handling of arch filter
* dont cancel in-progress commit workflows and abstract common setup
* cli improvements
fix group handling
* fix cli publish
* alpha.19
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* help ios downlaod .crt and add begin add masked for addresses
* only require and show CA for public domain if addSsl
* fix type and revert i18n const
* feat: add address masking and adjust design (#3088)
* feat: add address masking and adjust design
* update lockfile
* chore: move eye button to actions
* chore: refresh notifications and handle action error
* static width for health check name
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* hide certificate authorities tab
* alpha.17
* add waiting health check status
* remove "on" from waiting message
* reject on abort in `.watch`
* id migration: nostr -> nostr-rs-relay
* health check waiting state
* use interface type for launch button
* better wording for masked
* cleaner
* sdk improvements
* fix type error
* fix notification badge issue
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Aiden McClelland <me@drbonez.dev>
