mount portidr as ro in batch mode

In batch mode we don't drop into a shell. Therefore, it's safe to mount
it as read-only as no modifications would happen.

Author: stkw0

ebuildtester/docker.py

@@ -149,10 +149,9 @@ def _setup_container(self, docker_image):
             docker = subprocess.Popen(docker_args)
             docker.wait()
 
-    def _create_container(self, docker_image, local_portage, overlays):
+    def _create_container(self, docker_image, portdir, overlays):
         """Create new container."""
 
-
         cache_dir = user_cache_dir("ebuildtester")
         os.makedirs(cache_dir, exist_ok=True)
 
@@ -162,6 +161,11 @@ def _create_container(self, docker_image, local_portage, overlays):
         pkgdir = "{}/packages".format(cache_dir)
         os.makedirs(pkgdir, exist_ok=True)
 
+        if options.OPTIONS.batch:
+            portdir_opt = "ro"
+        else:
+            portdir_opt = "rw"
+
         docker_args = options.OPTIONS.docker_command \
             + ["create",
                "--tty",
@@ -172,9 +176,9 @@ def _create_container(self, docker_image, local_portage, overlays):
                "--security-opt", "apparmor:unconfined",
                "--device", "/dev/fuse",
                "--workdir", "/root",
-               "--volume", "%s:/var/db/repos/gentoo" % local_portage,
-               "--volume", "%s:/var/cache/distfiles" % distdir,
-               "--volume", "%s:/var/cache/binpkgs" % pkgdir]
+               "--volume", f"{portdir}:/var/db/repos/gentoo:{portdir_opt}",
+               "--volume", f"{distdir}:/var/cache/distfiles",
+               "--volume", f"{pkgdir}:/var/cache/binpkgs"]
 
         if options.OPTIONS.storage_opt:
             for s in options.OPTIONS.storage_opt: