summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--libpod/container.go5
-rw-r--r--libpod/container_internal_linux.go5
2 files changed, 9 insertions, 1 deletions
diff --git a/libpod/container.go b/libpod/container.go
index f68a3535e..fc613f406 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -970,3 +970,8 @@ func (c *Container) RootGID() int {
func (c *Container) IsInfra() bool {
return c.config.IsInfra
}
+
+// IsReadOnly returns whether the container is running in read only mode
+func (c *Container) IsReadOnly() bool {
+ return c.config.Spec.Root.Readonly
+}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c0912dc0d..f9e161cb3 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -107,7 +107,10 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
Type: "bind",
Source: srcPath,
Destination: dstPath,
- Options: []string{"rw", "bind", "private"},
+ Options: []string{"bind", "private"},
+ }
+ if c.IsReadOnly() {
+ newMount.Options = append(newMount.Options, "ro")
}
if !MountExists(g.Mounts(), dstPath) {
g.AddMount(newMount)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-28 07:28:31 +0000