diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1c45e214..02e789e7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -67,6 +67,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Rename udev net naming file to 70-persistent-net.rules. #1227
 - Manage warewulfd template data as a pointer. #1548
 - Added test for sending grub.cfg.ww. #1548
+- Use a sentinel file to determine container readonly state. #1447
 ### Removed
diff --git a/internal/app/wwctl/container/exec/child/main.go b/internal/app/wwctl/container/exec/child/main.go
index 455ef9f90..2542f3c2c 100644
--- a/internal/app/wwctl/container/exec/child/main.go
+++ b/internal/app/wwctl/container/exec/child/main.go
@@ -120,7 +120,7 @@ func CobraRunE(cmd *cobra.Command, args []string) (err error) {
 }
 ps1Str = fmt.Sprintf("[%s|ro|%s] Warewulf> ", containerName, nodename)
 }
- if !util.IsWriteAble(containerPath) && nodename == "" {
+ if !container.IsWriteAble(containerName) && nodename == "" {
 wwlog.Verbose("mounting %s ro", containerPath)
 ps1Str = fmt.Sprintf("[%s|ro] Warewulf> ", containerName)
 err = syscall.Mount(containerPath, containerPath, "", syscall.MS_BIND, "")
diff --git a/internal/pkg/container/util.go b/internal/pkg/container/util.go
index b2e54057a..38531c9f7 100644
--- a/internal/pkg/container/util.go
+++ b/internal/pkg/container/util.go
@@ -2,6 +2,7 @@ package container
 import (
 "os"
+ "path/filepath"
 "github.com/pkg/errors"
@@ -109,3 +110,7 @@ func DeleteImage(name string) error {
 }
 return errors.Errorf("Image %s of container %s doesn't exist\n", imageFile, name)
 }
+
+func IsWriteAble(name string) bool {
+ return !util.IsFile(filepath.Join(SourceDir(name), "readonly"))
+}
diff --git a/internal/pkg/util/util.go b/internal/pkg/util/util.go
index e2099844b..ff01674d1 100644
--- a/internal/pkg/util/util.go
+++ b/internal/pkg/util/util.go
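Review bot: Containers that were made read-only under the old scheme, by clearing the owner write bit on the rootfs, are entered writable after this change unless a `readonly` sentinel is also created, because the condition now asks only `container.IsWriteAble(containerName)` and the permission-bit helper is deleted in the same commit. Nothing in the new branch signals that transition, so an operator relying on the old behaviour gets no indication at exec time. I would add a comment above the condition, `// read-only is decided by the "readonly" sentinel in the container source dir; rootfs permission bits are no longer consulted`, and carry the same sentence into the CHANGELOG entry as an upgrade note. The body of CobraRunE starts and ends outside this hunk, so how containerPath is derived from containerName and whether the bind mount is later remounted read-only cannot be confirmed from here.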
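Review bot: `IsWriteAble` fails open, because it reports the container as writable whenever `util.IsFile` returns false. If that helper (not shown here) returns false on any stat error, then a permission error, or a `readonly` entry that is a directory or other non-regular file, would yield a writable container. For a control whose purpose is to prevent modification, only a confirmed absence of the sentinel should mean writable. The exported function also lacks a doc comment saying where the sentinel lives. The version below keeps the signature and uses only `os`, which the file already imports.

```go
// IsWriteAble reports whether the named container may be modified. A
// "readonly" entry in the container's source directory marks it read-only.
func IsWriteAble(name string) bool {
	_, err := os.Stat(filepath.Join(SourceDir(name), "readonly"))
	// Fail closed: only a confirmed "does not exist" means writable.
	return os.IsNotExist(err)
}
```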
@@ -565,21 +565,3 @@ func ByteToString(b int64) string {
 }
 return fmt.Sprintf("%.1f %ciB", float64(b)/float64(div), "KMGTPE"[exp])
 }
-
-/*
-Check if the w-bit of a file/dir. unix.Access(file,unix.W_OK) will
-not show this.
-*/
-func IsWriteAble(path string) bool {
- info, err := os.Stat(path)
- if err != nil {
- return false
- }
-
- // Check if the user bit is enabled in file permission
- if info.Mode().Perm()&(1<<(uint(7))) == 0 {
- wwlog.Debug("Write permission bit is not set for: %s", path)
- return false
- }
- return true
-}
diff --git a/userdocs/contents/containers.rst b/userdocs/contents/containers.rst
index 65e1b2c95..bbfbc1477 100644
--- a/userdocs/contents/containers.rst
+++ b/userdocs/contents/containers.rst
@@ -464,3 +464,14 @@ tools 1.21 or newer. Below is an example for building wwclient for arm64:
 # cp wwclient /var/lib/warewulf/overlays/wwclient_arm64/rootfs/warewulf
 Then, apply the new "wwclient_arm64" system overlay to your arm64 node/profile
+
+Read-only containers
+====================
+
+A container may be marked "read-only" by creating a ``readonly`` file in its
+source directory, typically next to ``rootfs``.
+
+.. note::
+
+ Read-only containers are a preview feature primarily meant to enable future
+ support for container subscriptions and updates.