Merge pull request #2641 from nextcloud/enh/2506/allow-to-specify-read-only

allow to specify read_only root FS in containers definition
2025-12-20 06:26:57 +00:00 · 2023-06-06 10:34:03 +02:00 · 2023-06-06 10:34:03 +02:00 · 68f64397ea
commit 68f64397ea
parent b1eb97dc4b cf1efa9bb0
4 changed files with 18 additions and 0 deletions
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@ -134,6 +134,9 @@
 							"pattern": "^nextcloud-aio$"
 						}
 					},
 					"read_only": {
 						"type": "boolean"
 					},
 					"volumes": {
 						"type": "array",
 						"items": {
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@ -30,6 +30,7 @@ class Container {
    /** @var string[] */
    private array $backupVolumes;
    private array $nextcloudExecCommands;
    private bool $readOnlyRootFs;
    private DockerActionManager $dockerActionManager;
    public function __construct(
@ -50,6 +51,7 @@ class Container {
        bool $apparmorUnconfined,
        array $backupVolumes,
        array $nextcloudExecCommands,
        bool $readOnlyRootFs,
        DockerActionManager $dockerActionManager
    ) {
        $this->identifier = $identifier;
@ -69,6 +71,7 @@ class Container {
        $this->apparmorUnconfined = $apparmorUnconfined;
        $this->backupVolumes = $backupVolumes;
        $this->nextcloudExecCommands = $nextcloudExecCommands;
        $this->readOnlyRootFs = $readOnlyRootFs;
        $this->dockerActionManager = $dockerActionManager;
    }
@ -88,6 +91,10 @@ class Container {
        return $this->restartPolicy;
    }
    public function GetReadOnlySetting() : bool {
        return $this->readOnlyRootFs;
    }
    public function GetShmSize() : int {
        return $this->shmSize;
    }
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@ -262,6 +262,11 @@ class ContainerDefinitionFetcher
                $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
            }
            $readOnlyRootFs = false;
            if (isset($entry['read_only'])) {
                $readOnlyRootFs = $entry['read_only'];
            }
            $containers[] = new Container(
                $entry['container_name'],
                $displayName,
@ -280,6 +285,7 @@ class ContainerDefinitionFetcher
                $apparmorUnconfined,
                $backupVolumes,
                $nextcloudExecCommands,
                $readOnlyRootFs,
                $this->container->get(DockerActionManager::class)
            );
        }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -383,6 +383,8 @@ class DockerActionManager
        }
        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
        $exposedPorts = [];
        if ($container->GetInternalPort() !== 'host') {