Browse Source

See #1335: Added --read-only

Signed-off-by: CJ <[email protected]>
CJ 10 years ago
parent
commit
b06294399a
4 changed files with 13 additions and 1 deletions
  1. 1 0
      compose/config.py
  2. 3 0
      compose/service.py
  3. 2 1
      docs/yml.md
  4. 7 0
      tests/integration/service_test.py

+ 1 - 0
compose/config.py

@@ -17,6 +17,7 @@ DOCKER_CONFIG_KEYS = [
     'env_file',
     'environment',
     'extra_hosts',
+    'read_only',
     'hostname',
     'image',
     'labels',

+ 3 - 0
compose/service.py

@@ -24,6 +24,7 @@ DOCKER_START_KEYS = [
     'dns_search',
     'env_file',
     'extra_hosts',
+    'read_only',
     'net',
     'pid',
     'privileged',
@@ -442,6 +443,7 @@ class Service(object):
         restart = parse_restart_spec(options.get('restart', None))
 
         extra_hosts = build_extra_hosts(options.get('extra_hosts', None))
+        read_only = options.get('read_only', None)
 
         return create_host_config(
             links=self._get_links(link_to_self=one_off),
@@ -456,6 +458,7 @@ class Service(object):
             cap_add=cap_add,
             cap_drop=cap_drop,
             extra_hosts=extra_hosts,
+            read_only=read_only,
             pid_mode=pid
         )
 

+ 2 - 1
docs/yml.md

@@ -328,7 +328,7 @@ dns_search:
   - dc2.example.com
 ```
 
-### working\_dir, entrypoint, user, hostname, domainname, mem\_limit, privileged, restart, stdin\_open, tty, cpu\_shares, cpuset
+### working\_dir, entrypoint, user, hostname, domainname, mem\_limit, privileged, restart, stdin\_open, tty, cpu\_shares, cpuset, read\_only
 
 Each of these is a single value, analogous to its
 [docker run](https://docs.docker.com/reference/run/) counterpart.
@@ -351,6 +351,7 @@ restart: always
 
 stdin_open: true
 tty: true
+read_only: true
 ```
 
 ## Compose documentation

+ 7 - 0
tests/integration/service_test.py

@@ -177,6 +177,13 @@ class ServiceTest(DockerClientTestCase):
         service.start_container(container)
         self.assertEqual(container.inspect()['Config']['Cpuset'], '0')
 
+    def test_create_container_with_read_only_root_fs(self):
+        read_only = True
+        service = self.create_service('db', read_only=read_only)
+        container = service.create_container()
+        service.start_container(container)
+        self.assertEqual(container.get('HostConfig.ReadonlyRootfs'), read_only, container.get('HostConfig'))
+
     def test_create_container_with_specified_volume(self):
         host_path = '/tmp/host-path'
         container_path = '/container-path'