set volume mounts to rshared

Signed-off-by: Simon L <szaimen@e.mail.de>
nextcloud · May 26, 2023 · c5f0e01 · c5f0e01
1 parent f4140e1
commit c5f0e01
Showing 1 changed file with 13 additions and 20 deletions.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
@@ -210,26 +210,10 @@ public function CreateVolumes(Container $container): void
     }
 
     public function CreateContainer(Container $container) : void {
-        $volumes = [];
-        foreach($container->GetVolumes()->GetVolumes() as $volume) {
-            $volumeEntry = $volume->name . ':' . $volume->mountPoint;
-            if($volume->isWritable) {
-                $volumeEntry = $volumeEntry . ':' . 'rw';
-            } else {
-                $volumeEntry = $volumeEntry . ':' . 'ro';
-            }
-
-            $volumes[] = $volumeEntry;
-        }
-
         $requestBody = [
             'Image' => $this->BuildImageName($container),
         ];
 
-        if(count($volumes) > 0) {
-            $requestBody['HostConfig']['Binds'] = $volumes;
-        }
-
         foreach($container->GetSecrets() as $secret) {
             $this->configurationManager->GetAndGenerateSecret($secret);
         }
@@ -425,10 +409,18 @@ public function CreateContainer(Container $container) : void {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
         }
 
+        $mounts = [];
+        foreach($container->GetVolumes()->GetVolumes() as $volume) {
+            if (!str_starts_with($volume->name, '/')) {
+                $mounts[] = ["Type" => "volume", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable];
+            } else {
+                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "Propagation" => "rshared"];
+            }
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             // Additional backup directories
-            $mounts = [];
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
                     $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
@@ -443,15 +435,16 @@ public function CreateContainer(Container $container) : void {
                     }
                 }
             }
-            if(count($mounts) > 0) {
-                $requestBody['HostConfig']['Mounts'] = $mounts;
-            }
         // Special things for the talk container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
         }
 
+        if(count($mounts) > 0) {
+            $requestBody['HostConfig']['Mounts'] = $mounts;
+        }
+
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
         try {
             $this->guzzleClient->request(