When we mount the container's root filesystem as read-only, mount
an anonymous volume in /home/tex so that it's writable. Our TeX Live
images have cached content in /home/tex. This content will automatically
get copied by Docker into this anonymous volume.
- move setting into clsi.docker namespace
- rename the variable for images to allowedImages / ALLOWED_IMAGES
- add an additional check for the image name into the DockerRunner
Co-Authored-By: Brian Gough <brian.gough@overleaf.com>
The docker api returns each name with a `/` prefix.
In order to not interfere with pending compiles, the deletion process
has to acquire an internal lock on the container. The LockManager uses
the plain container name without the slash: `project-xxx`.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>