=== modified file 'zsh-functions/confz_containers_init' --- old/zsh-functions/confz_containers_init 2021-01-15 16:46:40 +0000 +++ new/zsh-functions/confz_containers_init 2020-12-16 15:24:35 +0000 
@@ -1,205 +1,5 @@ # vim: ft=zsh noet ts=4 sts=4 sw=4 - -# find: ‘./event’: Permission denied -# / d o0:0 m755 -# /clone-newpid cN o0:0 m644 -# /data d o0:0 m755 -# /data/fstab -# CN /mnt/volumes/containers/alpine-xsession /mnt/volumes/containers/user/ccx/xsession.6/root none bind,ro 0 0 -# /run/containers/xsession.6.ccx/run /mnt/volumes/containers/user/ccx/xsession.6/root/run none bind 0 0 -# /run/containers/xsession.6.ccx/tmp /mnt/volumes/containers/user/ccx/xsession.6/root/tmp none bind 0 0 -# /run/containers/xsession.6.ccx/home /mnt/volumes/containers/user/ccx/xsession.6/root/home none bind 0 0 -# /run/containers/xsession.6.ccx/inbox /mnt/volumes/containers/user/ccx/xsession.6/root/run/inbox none bind,ro 0 0 -# o0:0 m644 -# /data/root l /mnt/volumes/containers/user/ccx/xsession.6/root o0:0 m777 -# /down cN o0:0 m644 -# /env d o0:0 m755 -# /env/CONTAINER_NAME cN xsession.6 o0:0 m644 -# /env/CONTAINER_USER cN ccx o0:0 m644 -# /event d o0:100 m3730 -# /finish l /usr/local/bzr/containers/service_scripts/xsession/finish o0:0 m777 -# /run l /usr/local/bzr/containers/service_scripts/xsession/run o0:0 m777 -# /supervise d o0:0 m755 -# /supervise/control p o1000:0 m600 -# /supervise/death_tally cN o0:0 m644 -# /supervise/lock cN o1000:0 m644 -# /supervise/status B QAAAAF/8iBYvOSJcQAAAAF/8iBYvOSJcAAAAAAAAAAAAABQ= -# o0:0 m644 - -confz_container_service_check() { - checkvars svc_dir root_link run_link finish_link fstab - defvar down true - defvar control_user root - defvar control_group root - - require fs_d flags=p filename=$vars[svc_dir] - require fs_m filename=$vars[svc_dir] mode=755 - - if $vars[down]; then - require fs_f filename=$vars[svc_dir]/down - else - require fs_r filename=$vars[svc_dir]/down - fi - - require fs_f filename=$vars[svc_dir]/clone_newpid - - require fs_d filename=$vars[svc_dir]/data - require fs_m filename=$vars[svc_dir]/data mode=755 - - require fs_l filename=$vars[svc_dir]/data/root \ - destination=$vars[root_link] - - require fs_c 
filename=$vars[svc_dir]/data/fstab \
- content_call="printf '%s\n' ${(Q)vars[fstab]}"
- require fs_m filename=$vars[svc_dir]/data/fstab mode=644
-
- require fs_l filename=$vars[svc_dir]/data/run \
- destination=$vars[run_link]
- require fs_l filename=$vars[svc_dir]/data/finish \
- destination=$vars[finish_link]
-
- require fs_d filename=$vars[svc_dir]/event
- require fs_o filename=$vars[svc_dir]/event \
- owner=0 group=$vars[control_group]
- require fs_m filename=$vars[svc_dir]/event mode=3730
-
- require fs_d filename=$vars[svc_dir]/supervise
- require fs_o filename=$vars[svc_dir]/supervise \
- owner=0 group=0
- require fs_m filename=$vars[svc_dir]/supervise mode=755
-
- require fs_pipe filename=$vars[svc_dir]/supervise/control
- require fs_o filename=$vars[svc_dir]/supervise/control \
- owner=$vars[control_user] group=0
- require fs_m filename=$vars[svc_dir]/supervise/control mode=600
-
- require fs_f filename=$vars[svc_dir]/supervise/lock
- require fs_o filename=$vars[svc_dir]/supervise/lock \
- owner=$vars[control_user] group=0
- require fs_m filename=$vars[svc_dir]/supervise/lock mode=644
-}
-
-confz_container_service_preset_check() {
- local preset_dir=/usr/local/bzr/containers/service_scripts
- checkvars svc_dir preset
- [[ -x $preset_dir/$vars[preset]/run ]] || die "not an executable file: $preset_dir/$vars[preset]/run"
- [[ -x $preset_dir/$vars[preset]/finish ]] || die "not an executable file: $preset_dir/$vars[preset]/finish"
- require container_service \
- run_link=$preset_dir/$vars[preset]/run \
- finish_link=$preset_dir/$vars[preset]/finish \
- :svc_dir :root_link :fstab :down :control_user :control_group
-}
-
-confz_container_service_generic_check() {
- local uid gid container_user_dir svc_dir
- local -a fstab
- checkvars containers_dir svscan_dir image_name user
- defvar fstab_extra ''
-
- uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \
- gid="${${(s.:.)"$(getent group ccx)"}[3]}" \
-
- require fs_d filename=$vars[containers_dir]/user/$vars[user]
- require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
- require fs_o filename=$vars[containers_dir]/user/$vars[user] owner=0:gid
-
- container_user_dir=$vars[containers_dir]/user/$vars[user]/$vars[image_name]
- require fs_d filename=$container_user_dir
- require fs_m filename=$container_user_dir mode=751
- require fs_o filename=$container_user_dir owner=0:gid
-
- require fs_d filename=$container_user_dir/root
- require fs_m filename=$container_user_dir/root mode=751
- require fs_o filename=$container_user_dir/root owner=0:$gid
-
- require fs_d filename=$container_user_dir/home
- require fs_m filename=$container_user_dir/home mode=751
- require fs_o filename=$container_user_dir/home owner=0:$gid
-
- require fs_d filename=$container_user_dir/home/$vars[user]
- require fs_o filename=$container_user_dir/home/$vars[user] owner=$uid:$gid
-
- require fs_d filename=$vars[containers_dir]/home/$vars[user]
- require fs_m filename=$vars[containers_dir]/home/$vars[user] mode=751
- require fs_o filename=$vars[containers_dir]/home/$vars[user] owner=0:gid
-
- require fs_l filename=$vars[containers_dir]/home/$vars[user]/$vars[image_name] \
- destination=../../user/$vars[user]/$vars[image_name]/home/$vars[user]
-
- fstab=(
- $vars[containers_dir]/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0'
- $container_user_dir/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0'
- /run/containers/$vars[image_name].$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0'
- /run/containers/$vars[image_name].$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0'
- /run/containers/$vars[image_name].$vars[user]/inbox$'\t'$container_user_dir/root/run/inbox$'\tnone\tbind,nosuid,nodev\t0 0'
- "${(f@)vars[fstab_extra]}"
- )
-
- svc_dir=$vars[svscan_dir]/container.$vars[image_name].$vars[user]
- require container_service_preset preset=generic \
- svc_dir=$svc_dir control_user=$uid
control_group=$gid \ - root_link=$container_user_dir/root \ - fstab=${(F)fstab} :down - require fs_d filename=$svc_dir/env - require fs_c filename=$svc_dir/env/CONTAINER_USER \ - content_call="printf '%s\n' "${(q)vars[user]} - require fs_c filename=$svc_dir/env/CONTAINER_NAME \ - content_call="printf '%s\n' "${(q)vars[image_name]} -} - -confz_container_service_xsession_check() { - local uid gid container_user_dir svc_dir - local -a fstab - checkvars containers_dir svscan_dir image_name user display_number - defvar fstab_extra '' - - uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \ - gid="${${(s.:.)"$(getent group ccx)"}[3]}" \ - - require fs_d filename=$vars[containers_dir]/user/$vars[user] - require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751 - require fs_o filename=$vars[containers_dir]/user/$vars[user] owner=0:gid - - container_user_dir=$vars[containers_dir]/user/$vars[user]/$vars[image_name] - require fs_d filename=$container_user_dir - require fs_m filename=$container_user_dir mode=751 - require fs_o filename=$container_user_dir owner=0:gid - - require fs_d filename=$container_user_dir/root - require fs_m filename=$container_user_dir/root mode=751 - require fs_o filename=$container_user_dir/root owner=0:$gid - - require fs_d filename=$vars[containers_dir]/home/$vars[user] - require fs_m filename=$vars[containers_dir]/home/$vars[user] mode=751 - require fs_o filename=$vars[containers_dir]/home/$vars[user] owner=0:gid - - require fs_l filename=$vars[containers_dir]/home/$vars[user]/$vars[image_name] \ - destination=../../user/$vars[user]/$vars[image_name]/root/home/$vars[user] - - fstab=( - $vars[containers_dir]/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0' - /run/containers/$vars[image_name].$vars[user]/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0' - /run/containers/$vars[image_name].$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0' - 
/run/containers/$vars[image_name].$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0' - /run/containers/$vars[image_name].$vars[user]/inbox$'\t'$container_user_dir/root/run/inbox$'\tnone\tbind,nosuid,nodev\t0 0' - "${(f@)vars[fstab_extra]}" - ) - - svc_dir=$vars[svscan_dir]/container.xsession.$vars[display_number].$vars[user] - require container_service_preset preset=xsession \ - svc_dir=$svc_dir control_user=$uid control_group=$gid \ - root_link=$container_user_dir/root \ - fstab=${(F)fstab} :down - require fs_d filename=$svc_dir/env - require fs_c filename=$svc_dir/env/CONTAINER_USER \ - content_call="printf '%s\n' "${(q)vars[user]} - require fs_c filename=$svc_dir/env/CONTAINER_NAME \ - content_call="printf '%s\n' "${(q)HOST} -} - -# --- old - confz_container_installed_alpine_check() { checkvars container_root arch defvar keys_dir /etc/apk/keys @@ -217,6 +17,26 @@ done } +confz_container_dev_nodes_check() { + checkvars container_root + local R=$vars[container_root] + require fs_d flags= filename=$R/dev + require fs_d flags= filename=$R/dev/pts + require fs_d flags= filename=$R/dev/shm + require fs_l flags= filename=$R/dev/stdin destination=/proc/self/fd/0 + require fs_l flags= filename=$R/dev/stdout destination=/proc/self/fd/1 + require fs_l flags= filename=$R/dev/stderr destination=/proc/self/fd/2 + require fs_l flags= filename=$R/dev/fd destination=/proc/self/fd + require fs_device flags= filename=$R/dev/full \ + device_type=c major=1 minor=7 + require fs_device flags= filename=$R/dev/null \ + device_type=c major=1 minor=3 + require fs_device flags= filename=$R/dev/ptmx \ + device_type=c major=5 minor=2 + require fs_device flags= filename=$R/dev/zero \ + device_type=c major=1 minor=5 +} + confz_container_alpine_configured_check() { checkvars container_root arch keys_dir repositories local R=$vars[container_root] 
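Review bot: The /dev entries added in confz_container_dev_nodes_check are created without any mode or ownership check, whereas the service checks this commit removes paired every fs_d/fs_l with `require fs_m`/`fs_o`; unless fs_device sets the mode itself, /dev/null, /dev/zero, /dev/full and /dev/ptmx end up with a umask-dependent mode and may be unusable by unprivileged processes inside the container. I would follow each node with `require fs_m filename=$R/dev/null mode=666` (likewise for zero, full and ptmx), and pin `require fs_m filename=$R/dev/shm mode=1777` if shm is meant to be world-writable as on a normal system. The set is otherwise a sensible minimal one (pseudo-devices only, no tty or block nodes); the one common node missing is /dev/urandom, which most userland needs for entropy, e.g. `require fs_device flags= filename=$R/dev/urandom device_type=c major=1 minor=9` (and /dev/random as 1:8 if wanted). Whether `flags=` is also required on the fs_m lines is not visible from this hunk.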
@@ -337,3 +157,20 @@ } + +container_svc_run() { + local uid_gid=$1 + local D=$2 + printf '%s\n' \ + "C #!/command/execlineb" \ + " if { mount -a --fstab $vars[containers_dir]/user/$vars[user]/$vars[container_name]/fstab }" \ + " env HOST=$vars[container_name] RUN_CHOWN=$uid_gid /root/ns_run $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union -u $uid_gid /home/$vars[user]/run/init" +} + +container_svc_finish() { + local D=$1 + printf '%s\n' \ + "C #!/command/execlineb" \ + " foreground { umount $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union/run }" \ + " umount $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union" +} === removed file 'zsh-functions/confz_site_containers_init' --- old/zsh-functions/confz_site_containers_init 2021-01-15 16:46:40 +0000 +++ new/zsh-functions/confz_site_containers_init 1970-01-01 00:00:00 +0000 @@ -1,22 +0,0 @@ -# vim: ft=zsh noet ts=4 sts=4 sw=4 - -confz_site_containers_check() { - checkvars containers_dir svscan_dir user - local display container - for display in 5 6 7 8; do - require container_service_xsession \ - display_number=$display image_name=alpine-xsession \ - :containers_dir :svscan_dir :user - done - for container in alpine-{games,dev,browsers}; do - require container_service_generic \ - image_name=$container \ - :containers_dir :svscan_dir :user - done -} - -confz_site_containers_check() { - require site_containers_user user=ccx \ - containers_dir=/mnt/volumes/containers \ - svscan_dir=/run/service -}
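Review bot: container_svc_finish unmounts only `union/run` and then `union`, but the run script it pairs with mounts the whole container fstab with `mount -a`; if that fstab has more than one target under union (the removed generic/xsession fstabs also mounted tmp, home and inbox), the leftover submounts make the final `umount .../union` fail with EBUSY and leak mounts across restarts. Unmounting each fstab target in reverse, or `umount -R $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union`, would close that. Since `mount -a --fstab` runs as root on a path under `user/$vars[user]`, the fstab it reads must be root-owned and not writable by that user, which nothing in this hunk establishes; a comment on container_svc_run naming that requirement would help whoever creates the fstab. Also `local D=$2` and `local D=$1` are never used, and the `$vars[...]` values are interpolated unquoted into the execline text, so a user or container name containing whitespace or braces would produce a broken script.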