From cb8e1d2ebbda7965c173a2a9a4d1fbd9a18dcec0 Mon Sep 17 00:00:00 2001
From: pvincent <pvincent@artcode.re>
Date: Wed, 28 Feb 2024 22:52:47 +0400
Subject: [PATCH] device readonly

---
 scripts/lxc-miaou-create | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/lxc-miaou-create b/scripts/lxc-miaou-create
index d5914dc..540940f 100755
--- a/scripts/lxc-miaou-create
+++ b/scripts/lxc-miaou-create
@@ -108,8 +108,8 @@ EOF
     mkdir -p "$HOME/LXD/SHARED/$CONTAINER"
 
     lxc config device add "$CONTAINER" SHARED disk source="$HOME/LXD/SHARED/$CONTAINER" path=/mnt/SHARED -q
-    lxc config device add "$CONTAINER" TOOLBOX disk source=/TOOLBOX path=/TOOLBOX -q
-    lxc config device add "$CONTAINER" MIAOU_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash -q
+    lxc config device add "$CONTAINER" TOOLBOX disk source=/TOOLBOX path=/TOOLBOX readonly=true -q
+    lxc config device add "$CONTAINER" MIAOU_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash readonly=true -q
 
     # environment variables
     lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/miaou-bash/tools:/TOOLBOX -q
@@ -117,7 +117,7 @@ EOF
 
     if [[ "$OPTION_NESTING" == true ]]; then
         lxc config set "$CONTAINER" security.nesting true -q
-        lxc config device add "$CONTAINER" miaou disk source=/opt/miaou path=/opt/miaou -q
+        lxc config device add "$CONTAINER" miaou disk source=/opt/miaou path=/opt/miaou readonly=true -q
     fi
 
     lxc start "$CONTAINER" -q
@@ -164,6 +164,7 @@ EOF
     fi
 
     if [[ "$OPTION_SSH" == true && "$OPTION_SAMEUSER" == true ]]; then
+        #FIXME: can be fatser due to openssh-server already installed from cloud-init
         lxc-miaou-enable-ssh "$CONTAINER" >/dev/null
     fi