I have been reading this document on how to prevent balena updates on a device
However while the process of creating and removing a file is clear, it is very unclear how this works in terms of a container.
I have a BalenaOS device with multiple services and it is my understanding that a service would basically handle this functionality. So I wrote a service that handles locking/unlocking and added to my docker-compose file however when I try mounting the host
/tmp/balena I get a message back from the Balena CLI saying that
Bind mounts are not allowed.
So right now I am at a loss on how do I prevent the entire device from being updated using this method. Am I supposed to ssh into each device and perform the lock by hand directly on the host? It seems putting the lock inside the “locking service”
/tmp/balena folder doesn’t work either.
Any guidelines on the matter?