From cd96194400dfdae5ed34f3505963d37f62478c5b Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Sat, 23 Jan 2021 18:26:06 +0100
Subject: [PATCH 1/2] Check systemd supported options

Check the supported options in systemd and use what's availble.

Signed-off-by: Miek Gieben
---
 internal/provider/pod.go | 2 +-
 internal/provider/probe.go | 39 ++++++++++++++++++++++++++++++++++++++
 internal/unit/file.go | 3 +++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 internal/provider/probe.go

diff --git a/internal/provider/pod.go b/internal/provider/pod.go
index c1b6105..2af684c 100644
--- a/internal/provider/pod.go
+++ b/internal/provider/pod.go
@@ -224,7 +224,7 @@ func (p *p) CreatePod(ctx context.Context, pod *corev1.Pod) error {
 }
 if len(bindmountsro) > 0 {
 romount := strings.Join(bindmountsro, " ")
- uf = uf.Insert("Service", "BindReadOnlyPaths", romount)
+ uf = uf.Insert("Service", Option("BindReadOnlyPaths"), romount)
 }

 for _, del := range deleteOptions {
diff --git a/internal/provider/probe.go b/internal/provider/probe.go
new file mode 100644
index 0000000..e7f0076
--- /dev/null
+++ b/internal/provider/probe.go
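Review bot: In internal/provider/pod.go the Insert call no longer guarantees a read-only mount: `Option("BindReadOnlyPaths")` returns whatever supportedOptions holds, and ProbeSupportedOptions in probe.go rewrites that entry to `BindPaths` when the probe fails, so the paths in bindmountsro would then be bind-mounted writable. If those paths come from volumes the pod spec marks read-only (the name suggests so, but the code that fills the slice is outside the hunk), the workload gains write access to host paths with no signal at this call site. Failing closed is safer, for example `if Option("BindReadOnlyPaths") != "BindReadOnlyPaths" { return errors.New("read-only bind mounts not supported by this systemd") }`, or at minimum a warning that names the pod; the file's imports are not visible here. CreatePod starts and ends outside the hunk.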
@@ -0,0 +1,39 @@
+package provider
+
+// supportedOptions contains a mappnig for supported systemd options. If an option
+// is supported the key name will be returned. Unsupported either return an
+// empty string (really not supported) or an alternative option that's better
+// than nothing at all.
+var supportedOptions = map[string]string{
+ "BindReadOnlyPaths": "BindReadOnlyPaths",
+}
+
+// ProbeSupportedOptions checks it the options in SupportedOptions are
+// supported by the systemd version running on this system. It will emit Info
+// logs for each unsupported option.
+func ProbeSupportedOptions() {
+ for option := range supportedOptions {
+ ok := probe(option)
+ switch option {
+ case "BindReadOnlyPaths":
+ if !ok {
+ supportedOptions[option] = "BindPaths" // drop the RO bit
+ }
+ }
+ }
+}
+
+// probe probes system to see if option is supported.
+func probe(option string) bool {
+ return true
+}
+
+// Option return the option that is supported by the detected systemd.
+func Option(option string) string {
+ opt, ok := supportedOptions[option]
+ if !ok {
+ // not found in map, return option as-is
+ return option
+ }
+ return opt
+}
diff --git a/internal/unit/file.go b/internal/unit/file.go
index 8f1da49..9c3b461 100644
--- a/internal/unit/file.go
+++ b/internal/unit/file.go
@@ -84,6 +84,7 @@ func (u *File) String() string {
 }

 // Insert adds name=value to section and returns a newly parsed pointer to File.
+// If name is the empty string this is a noop.
 func (u *File) Insert(section, name string, value ...string) *File {
 opts := make([]*unit.UnitOption, len(value))
 for i := range opts {
@@ -98,6 +99,7 @@ func (u *File) Insert(section, name string, value ...string) *File {
 }

 // Overwrite overwrites name=value in the section and returns a new File.
+// If name is the empty string this is a noop.
 func (u *File) Overwrite(section, name string, value ...string) *File {
 opts := make([]*unit.UnitOption, len(u.Options))
 j := 0
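Review bot: In internal/provider/probe.go, ProbeSupportedOptions's doc comment promises an Info log for each unsupported option, but the `if !ok` branch only rewrites the map entry, so a fallback from BindReadOnlyPaths to BindPaths would leave no trace for an operator. Either emit the log in that branch or change the comment to match what the code does. `probe` always returns true and nothing in this patch calls ProbeSupportedOptions, so the fallback is currently unreachable; a comment such as `// TODO: stub, reports every option as supported` on probe would make that explicit. supportedOptions is a package-level map written here and read by Option with no synchronisation, so the doc comment should also state that probing must finish before any pod is created.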
@@ -113,6 +115,7 @@ func (u *File) Overwrite(section, name string, value ...string) *File {
 }

 // Delete deletes name in the named section and returns a new File.
+// If name is the empty string this is a noop.
 func (u *File) Delete(section, name string) *File {
 opts := make([]*unit.UnitOption, len(u.Options))
 j := 0

From c573603fddc64e374f216313874f9c338ddfc2b7 Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Sat, 23 Jan 2021 18:27:45 +0100
Subject: [PATCH 2/2] bla

Signed-off-by: Miek Gieben
---
 internal/unit/file.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/unit/file.go b/internal/unit/file.go
index 9c3b461..e44e7d0 100644
--- a/internal/unit/file.go
+++ b/internal/unit/file.go
@@ -86,6 +86,9 @@ func (u *File) String() string {
 // Insert adds name=value to section and returns a newly parsed pointer to File.
 // If name is the empty string this is a noop.
 func (u *File) Insert(section, name string, value ...string) *File {
+ if name == "" {
+ return u
+ }
 opts := make([]*unit.UnitOption, len(value))
 for i := range opts {
 opts[i] = &unit.UnitOption{
@@ -101,6 +104,9 @@ func (u *File) Insert(section, name string, value ...string) *File {
 // Overwrite overwrites name=value in the section and returns a new File.
 // If name is the empty string this is a noop.
 func (u *File) Overwrite(section, name string, value ...string) *File {
+ if name == "" {
+ return u
+ }
 opts := make([]*unit.UnitOption, len(u.Options))
 j := 0
 for _, o := range u.Options {
@@ -115,7 +121,6 @@ func (u *File) Overwrite(section, name string, value ...string) *File {
 }

 // Delete deletes name in the named section and returns a new File.
-// If name is the empty string this is a noop.
 func (u *File) Delete(section, name string) *File {
 opts := make([]*unit.UnitOption, len(u.Options))
 j := 0
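Review bot: In internal/unit/file.go (PATCH 2/2), the new `if name == "" { return u }` guard in Insert, and the identical one in Overwrite, turns a missing option name into a silent success, so a caller cannot tell that a directive was left out of the unit. Option in probe.go documents the empty string as the result for an option that is really not supported, so any mount or sandboxing directive mapped to "" would be absent from the generated unit with no log or error. The guard also returns the receiver itself while the doc comments say a new File is returned; `// If name is the empty string, u itself is returned unchanged.` would state that aliasing. Both function bodies continue outside their hunks.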