New mount test structure.

test/docker_tests/configurations/README.md

@@ -0,0 +1,46 @@
+# NetAlertX Docker Test Configurations
+
+This directory contains docker-compose configurations for different test scenarios.
+
+## Available Configurations
+
+### readonly
+- **File**: `docker-compose.readonly.yml`
+- **Description**: Tests with a read-only container filesystem
+- **Use case**: Verify that the application works correctly when the container filesystem is read-only
+
+### writable
+- **File**: `docker-compose.writable.yml`
+- **Description**: Tests with writable tmpfs mounts for performance
+- **Use case**: Standard testing with optimized writable directories
+
+## Mount Diagnostic Tests
+
+The `mount-tests/` subdirectory contains 24 docker-compose configurations that test all possible mount scenarios for each path that NetAlertX monitors:
+
+- **6 paths**: `/app/db`, `/app/config`, `/app/api`, `/app/log`, `/services/run`, `/services/config/nginx/conf.active`
+- **4 scenarios per path**: `no-mount`, `ramdisk`, `mounted`, `unwritable`
+- **Total**: 24 comprehensive test configurations
+
+### Running Tests
+
+Use pytest to run the mount diagnostic tests:
+
+```bash
+cd /workspaces/NetAlertX/test/docker_tests
+pytest test_mount_diagnostics_pytest.py -v
+```
+
+Or run specific test scenarios:
+
+```bash
+pytest test_mount_diagnostics_pytest.py -k "db_ramdisk"
+```
+
+### Test Coverage
+
+Each test validates that the mount diagnostic tool (`/entrypoint.d/10-mounts.py`) correctly identifies:
+- **Good configurations**: No issues reported, exit code 0
+- **Bad configurations**: Issues detected in table format, exit code 1
+
+The tests ensure that persistent paths (db, config) require durable storage (volumes) while non-persistent paths (api, log, run) benefit from fast storage (tmpfs).

test/docker_tests/configurations/docker-compose.readonly.yml

@@ -0,0 +1,55 @@
+services:
+  netalertx:
+    # Read-only container configuration for testing
+    network_mode: ${NETALERTX_NETWORK_MODE:-host}
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-readonly
+    read_only: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+
+    volumes:
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+
+      - type: bind
+        source: /etc/localtime
+        target: /etc/localtime
+        read_only: true
+
+    environment:
+      LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0}
+      PORT: ${PORT:-20211}
+      APP_CONF_OVERRIDE: ${GRAPHQL_PORT:-20212}
+      ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false}
+      NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0}
+
+    mem_limit: 2048m
+    mem_reservation: 1024m
+    cpu_shares: 512
+    pids_limit: 512
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    restart: unless-stopped
+
+volumes:
+  netalertx_config:
+  netalertx_db:

test/docker_tests/configurations/docker-compose.writable.yml

@@ -0,0 +1,68 @@
+services:
+  netalertx:
+    # Writable container configuration with tmpfs mounts for performance testing
+    network_mode: ${NETALERTX_NETWORK_MODE:-host}
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-writable
+    read_only: false
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+
+    volumes:
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+
+      - type: bind
+        source: /etc/localtime
+        target: /etc/localtime
+        read_only: true
+
+    # Tempfs mounts for writable directories in a read-only container and improve system performance
+    tmpfs:
+      # Speed up logging
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      # Speed up API access
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime"
+      # Required for customization of the nginx listen addr/port
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      # Required for nginx and php
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      # Required by php for session save
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+
+    environment:
+      LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0}
+      PORT: ${PORT:-20211}
+      APP_CONF_OVERRIDE: ${GRAPHQL_PORT:-20212}
+      ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false}
+      NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0}
+
+    mem_limit: 2048m
+    mem_reservation: 1024m
+    cpu_shares: 512
+    pids_limit: 512
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    restart: unless-stopped
+
+volumes:
+  netalertx_config:
+  netalertx_db:

test/docker_tests/configurations/mount-tests/README.md

@@ -0,0 +1,45 @@
+# Mount Diagnostic Test Configurations
+
+This directory contains docker-compose files for testing all possible mount configurations.
+
+## Generated Files
+
+- `docker-compose.mount-test.db_no-mount.yml`: No mount - use container filesystem for db_no-mount
+- `docker-compose.mount-test.db_ramdisk.yml`: RAM disk (tmpfs) for db_ramdisk
+- `docker-compose.mount-test.db_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for db_mounted
+- `docker-compose.mount-test.db_unwritable.yml`: Read-only mount for db_unwritable
+- `docker-compose.mount-test.config_no-mount.yml`: No mount - use container filesystem for config_no-mount
+- `docker-compose.mount-test.config_ramdisk.yml`: RAM disk (tmpfs) for config_ramdisk
+- `docker-compose.mount-test.config_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for config_mounted
+- `docker-compose.mount-test.config_unwritable.yml`: Read-only mount for config_unwritable
+- `docker-compose.mount-test.api_no-mount.yml`: No mount - use container filesystem for api_no-mount
+- `docker-compose.mount-test.api_ramdisk.yml`: RAM disk (tmpfs) for api_ramdisk
+- `docker-compose.mount-test.api_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for api_mounted
+- `docker-compose.mount-test.api_unwritable.yml`: Read-only mount for api_unwritable
+- `docker-compose.mount-test.log_no-mount.yml`: No mount - use container filesystem for log_no-mount
+- `docker-compose.mount-test.log_ramdisk.yml`: RAM disk (tmpfs) for log_ramdisk
+- `docker-compose.mount-test.log_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for log_mounted
+- `docker-compose.mount-test.log_unwritable.yml`: Read-only mount for log_unwritable
+- `docker-compose.mount-test.run_no-mount.yml`: No mount - use container filesystem for run_no-mount
+- `docker-compose.mount-test.run_ramdisk.yml`: RAM disk (tmpfs) for run_ramdisk
+- `docker-compose.mount-test.run_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for run_mounted
+- `docker-compose.mount-test.run_unwritable.yml`: Read-only mount for run_unwritable
+- `docker-compose.mount-test.active_config_no-mount.yml`: No mount - use container filesystem for active_config_no-mount
+- `docker-compose.mount-test.active_config_ramdisk.yml`: RAM disk (tmpfs) for active_config_ramdisk
+- `docker-compose.mount-test.active_config_mounted.yml`: Proper mount (volume for persistent, none for non-persistent) for active_config_mounted
+- `docker-compose.mount-test.active_config_unwritable.yml`: Read-only mount for active_config_unwritable
+
+## Usage
+
+Run tests using pytest:
+
+```bash
+cd /workspaces/NetAlertX/test/docker_tests
+pytest test_mount_diagnostics_pytest.py
+```
+
+Or run specific scenarios:
+
+```bash
+pytest test_mount_diagnostics_pytest.py -k "db_ramdisk"
+```

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_mounted.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-active_config_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /services/config/nginx/conf.active
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_system_services_active_config
+        target: /services/config/nginx/conf.active
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_no-mount.yml

@@ -0,0 +1,44 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-active_config_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /services/config/nginx/conf.active
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_ramdisk.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-active_config_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /services/config/nginx/conf.active
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_unwritable.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-active_config_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /services/config/nginx/conf.active
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_system_services_active_config
+        target: /services/config/nginx/conf.active
+        read_only: true
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_mounted.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-api_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_API: /app/api
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_netalertx_api
+        target: /app/api
+        read_only: false
+    tmpfs:
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_no-mount.yml

@@ -0,0 +1,44 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-api_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_API: /app/api
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_ramdisk.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-api_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_API: /app/api
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_unwritable.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-api_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_API: /app/api
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_netalertx_api
+        target: /app/api
+        read_only: true
+    tmpfs:
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.config_mounted.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-config_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_CONFIG: /app/config
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: test_netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.config_no-mount.yml

@@ -0,0 +1,41 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-config_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_CONFIG: /app/config
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.config_ramdisk.yml

@@ -0,0 +1,42 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-config_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_CONFIG: /app/config
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+    tmpfs:
+      - "/app/config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.config_unwritable.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-config_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_CONFIG: /app/config
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: test_netalertx_config
+        target: /app/config
+        read_only: true
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_mounted.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-db_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_DB: /app/db
+
+    volumes:
+      - type: volume
+        source: test_netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_no-mount.yml

@@ -0,0 +1,41 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-db_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_DB: /app/db
+
+    volumes:
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_ramdisk.yml

@@ -0,0 +1,42 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-db_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_DB: /app/db
+
+    volumes:
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/db:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_unwritable.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-db_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_DB: /app/db
+
+    volumes:
+      - type: volume
+        source: test_netalertx_db
+        target: /app/db
+        read_only: true
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_mounted.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-log_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_LOG: /app/log
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_netalertx_log
+        target: /app/log
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_no-mount.yml

@@ -0,0 +1,44 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-log_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_LOG: /app/log
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_ramdisk.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-log_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_LOG: /app/log
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_unwritable.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-log_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      NETALERTX_LOG: /app/log
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_netalertx_log
+        target: /app/log
+        read_only: true
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.run_mounted.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-run_mounted
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_RUN: /services/run
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_system_services_run
+        target: /services/run
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.run_no-mount.yml

@@ -0,0 +1,44 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-run_no-mount
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_RUN: /services/run
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.run_ramdisk.yml

@@ -0,0 +1,45 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-run_ramdisk
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_RUN: /services/run
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config:

test/docker_tests/configurations/mount-tests/docker-compose.mount-test.run_unwritable.yml

@@ -0,0 +1,48 @@
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-run_unwritable
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      LISTEN_ADDR: 0.0.0.0
+      PORT: 9999  # Use non-default port to test all paths
+      APP_CONF_OVERRIDE: 20212
+      ALWAYS_FRESH_INSTALL: true
+      NETALERTX_DEBUG: 0
+      SYSTEM_SERVICES_RUN: /services/run
+
+    volumes:
+      - type: volume
+        source: netalertx_db
+        target: /app/db
+        read_only: false
+      - type: volume
+        source: netalertx_config
+        target: /app/config
+        read_only: false
+      - type: volume
+        source: test_system_services_run
+        target: /services/run
+        read_only: true
+    tmpfs:
+      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+volumes:
+  netalertx_config:
+  netalertx_db:
+  test_netalertx_db:
+  test_netalertx_config:
+  test_netalertx_api:
+  test_netalertx_log:
+  test_system_services_run:
+  test_system_services_active_config: