From 578e27a66af95ed2ded303669d26e6900fce48ff Mon Sep 17 00:00:00 2001 From: Timo N Date: Sat, 5 Jan 2019 00:52:37 +0100 Subject: [PATCH] Made backup container mounts read only --- helper-scripts/backup_and_restore.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh index ca00934e..d6e34c4a 100755 --- a/helper-scripts/backup_and_restore.sh +++ b/helper-scripts/backup_and_restore.sh @@ -63,39 +63,39 @@ function backup() { vmail|all) docker run --rm \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_vmail-vol-1):/vmail \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_vmail-vol-1):/vmail:ro \ debian:stretch-slim /bin/tar --warning='no-file-ignored' -Pcvpzf /backup/backup_vmail.tar.gz /vmail ;;& crypt|all) docker run --rm \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_crypt-vol-1):/crypt \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_crypt-vol-1):/crypt:ro \ debian:stretch-slim /bin/tar --warning='no-file-ignored' -Pcvpzf /backup/backup_crypt.tar.gz /crypt ;;& redis|all) docker exec $(docker ps -qf name=redis-mailcow) redis-cli save docker run --rm \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_redis-vol-1):/redis \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_redis-vol-1):/redis:ro \ debian:stretch-slim /bin/tar --warning='no-file-ignored' -Pcvpzf /backup/backup_redis.tar.gz /redis ;;& rspamd|all) docker run --rm \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_rspamd-vol-1):/rspamd \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_rspamd-vol-1):/rspamd:ro \ debian:stretch-slim /bin/tar --warning='no-file-ignored' -Pcvpzf /backup/backup_rspamd.tar.gz /rspamd ;;& postfix|all) docker run --rm \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_postfix-vol-1):/postfix \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_postfix-vol-1):/postfix:ro \ debian:stretch-slim /bin/tar --warning='no-file-ignored' -Pcvpzf /backup/backup_postfix.tar.gz /postfix ;;& mysql|all) SQLIMAGE=$(grep -iEo '(mysql|mariadb)\:.+' ${COMPOSE_FILE}) docker run --rm \ --network $(docker network ls -qf name=${CMPS_PRJ}_) \ - -v $(docker volume ls -qf name=${CMPS_PRJ}_mysql-vol-1):/var/lib/mysql/ \ + -v $(docker volume ls -qf name=${CMPS_PRJ}_mysql-vol-1):/var/lib/mysql/:ro \ --entrypoint= \ -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup \ ${SQLIMAGE} /bin/sh -c "mysqldump -hmysql -uroot -p${DBROOT} --all-databases | gzip > /backup/backup_mysql.gz"