Merge pull request warewulf#1564 from anderbubble/issues/1447

Use a sentinel file to determine container readonly state
iankgt40 · Dec 2, 2024 · d584c14 · d584c14
2 parents ab0edde + 07f6402
commit d584c14
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -67,6 +67,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Rename udev net naming file to 70-persistent-net.rules. #1227
 - Manage warewulfd template data as a pointer. #1548
 - Added test for sending grub.cfg.ww. #1548
+- Use a sentinel file to determine container readonly state. #1447
 
 ### Removed
 

diff --git a/internal/app/wwctl/container/exec/child/main.go b/internal/app/wwctl/container/exec/child/main.go
@@ -120,7 +120,7 @@ func CobraRunE(cmd *cobra.Command, args []string) (err error) {
 		}
 		ps1Str = fmt.Sprintf("[%s|ro|%s] Warewulf> ", containerName, nodename)
 	}
-	if !util.IsWriteAble(containerPath) && nodename == "" {
+	if !container.IsWriteAble(containerName) && nodename == "" {
 		wwlog.Verbose("mounting %s ro", containerPath)
 		ps1Str = fmt.Sprintf("[%s|ro] Warewulf> ", containerName)
 		err = syscall.Mount(containerPath, containerPath, "", syscall.MS_BIND, "")

diff --git a/internal/pkg/container/util.go b/internal/pkg/container/util.go
@@ -2,6 +2,7 @@ package container
 
 import (
 	"os"
+	"path/filepath"
 
 	"github.com/pkg/errors"
 
@@ -109,3 +110,7 @@ func DeleteImage(name string) error {
 	}
 	return errors.Errorf("Image %s of container %s doesn't exist\n", imageFile, name)
 }
+
+func IsWriteAble(name string) bool {
+	return !util.IsFile(filepath.Join(SourceDir(name), "readonly"))
+}
diff --git a/internal/pkg/util/util.go b/internal/pkg/util/util.go
@@ -565,21 +565,3 @@ func ByteToString(b int64) string {
 	}
 	return fmt.Sprintf("%.1f %ciB", float64(b)/float64(div), "KMGTPE"[exp])
 }
-
-/*
-Check if the w-bit of a file/dir. unix.Access(file,unix.W_OK) will
-not show this.
-*/
-func IsWriteAble(path string) bool {
-	info, err := os.Stat(path)
-	if err != nil {
-		return false
-	}
-
-	// Check if the user bit is enabled in file permission
-	if info.Mode().Perm()&(1<<(uint(7))) == 0 {
-		wwlog.Debug("Write permission bit is not set for: %s", path)
-		return false
-	}
-	return true
-}
diff --git a/userdocs/contents/containers.rst b/userdocs/contents/containers.rst
@@ -464,3 +464,14 @@ tools 1.21 or newer. Below is an example for building wwclient for arm64:
    # cp wwclient /var/lib/warewulf/overlays/wwclient_arm64/rootfs/warewulf
 
 Then, apply the new "wwclient_arm64" system overlay to your arm64 node/profile
+
+Read-only containers
+====================
+
+A container may be marked "read-only" by creating a ``readonly`` file in its
+source directory, typically next to ``rootfs``.
+
+.. note::
+
+   Read-only containers are a preview feature primarily meant to enable future
+   support for container subscriptions and updates.