commit f0a5b424dffd7546818fa8729cb7e3f9a76bdf5a
parent d2b3a9dd8b7df741b6a5b9ba3ed025bf16b9ad4e
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Thu, 13 Nov 2025 20:39:56 +0000
script to handle mounting and lockdown info in env
Diffstat:
1 file changed, 66 insertions(+), 0 deletions(-)
diff --git a/src/lns-mount-chroot b/src/lns-mount-chroot
@@ -0,0 +1,66 @@
+#!/command/execlineb -S1
+
+multisubstitute {
+ importas -i 1 1 # require first argument
+ importas -D /mnt/chroot LNS_ROOT LNS_ROOT
+}
+shift -n 1 # remove first argument so we don't have to deal with it with runblock
+
+lns-mounts-to-env
+
+if { mount -o rbind $1 $NS_ROOT }
+
+# /proc
+if { mount -t proc proc ${LNS_ROOT}/proc }
+
+# /dev
+if { s6-mount -nwt tmpfs -o nosuid,dev,mode=0755 dev ${LNS_ROOT}/dev }
+if { mknod -m 666 ${LNS_ROOT}/dev/null c 1 3 }
+if { mknod -m 666 ${LNS_ROOT}/dev/full c 1 7 }
+if { mknod -m 666 ${LNS_ROOT}/dev/ptmx c 5 2 }
+if { mknod -m 644 ${LNS_ROOT}/dev/random c 1 8 }
+if { mknod -m 644 ${LNS_ROOT}/dev/urandom c 1 9 }
+if { mknod -m 666 ${LNS_ROOT}/dev/zero c 1 5 }
+if { mknod -m 666 ${LNS_ROOT}/dev/tty c 5 0 }
+if { s6-ln -sf /proc/self/fd ${LNS_ROOT}/dev/fd }
+if { s6-ln -sf /proc/self/fd/0 ${LNS_ROOT}/dev/stdin }
+if { s6-ln -sf /proc/self/fd/1 ${LNS_ROOT}/dev/stout }
+if { s6-ln -sf /proc/self/fd/2 ${LNS_ROOT}/dev/stderr }
+if { s6-ln -sf ../run/shm ${LNS_ROOT}/dev/shm }
+
+# dev/shm is intentionally ommited to allow custom mount or symlink
+# pts and mqueue are provided below
+
+# Create top-level /dev directories. Many may be bind-mounted from host if neededx.
+if {
+ mkdir
+
+ ${LNS_ROOT}/dev/pts
+ ${LNS_ROOT}/dev/mqueue
+
+ ${LNS_ROOT}/dev/block
+ ${LNS_ROOT}/dev/bus
+ ${LNS_ROOT}/dev/bus/usb
+ ${LNS_ROOT}/dev/char
+ ${LNS_ROOT}/dev/dri
+ ${LNS_ROOT}/dev/input
+ ${LNS_ROOT}/dev/loop
+ ${LNS_ROOT}/dev/net
+ ${LNS_ROOT}/dev/snd
+ ${LNS_ROOT}/dev/usb
+
+}
+if { mount -t devpts devpts ${LNS_ROOT}/dev/pts }
+if { s6-mount -nwt mqueue -o nosuid,nodev,noexec mqueue ${LNS_ROOT}/dev/mqueue }
+
+# run
+if {
+ cd $NS_ROOT
+ runblock 1
+}
+
+# now we can make /dev immutable
+if { mount -o remount,ro ${LNS_ROOT}/dev }
+
+# chainload into the rest of the argv
+runblock -r 1
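Review bot: The rbind mount and the `cd` inside the run block use `$NS_ROOT`, but the only name substituted at the top of the script is `LNS_ROOT`. As far as the visible substitutions go, the word stays literal, so the bind mount and the block's working directory do not refer to the root that /proc and /dev are then mounted under. These lines should read `if { mount -o rbind $1 ${LNS_ROOT} }` and `cd ${LNS_ROOT}`. The stdout link is created as `dev/stout`, so `/dev/stdout` will be missing inside the chroot; it should be `if { s6-ln -sf /proc/self/fd/1 ${LNS_ROOT}/dev/stdout }`. The proc and devpts mounts carry no restrictive options while mqueue gets `nosuid,nodev,noexec`; consider `-o nosuid,nodev,noexec` on proc, `nosuid,noexec` on devpts, and `noexec` on the dev tmpfs, since this is the lockdown path. The comment that dev/shm is intentionally omitted contradicts the `dev/shm` symlink created just above it, so one of the two should be dropped.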