mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

container-bin-image (2025B)


      1 {% extends "base" %}
      2 {%- import "package_sets" as ps -%}
      3 {% block body -%}
      4 {{ ps.busybox_common() }}
      5 {{ ps.busybox_uncommon() }}
      6 #+{{pkg_install_name("busybox-diffutils")}}
      7 #+{{pkg_install_name("busybox-findutils")}}
      8 #+{{pkg_install_name("busybox-login")}}
      9 #+{{pkg_install_name("execline")}}
     10 #+{{pkg_install_name("s6")}}
     11 #+{{pkg_install_name("ccx-utils")}}
     12 #+{{pkg_install_name("applyuidgid-caps")}}
     13 #+{{pkg_install_name("easyseccomp")}}
     14 #+{{pkg_install_name("mlog")}}
     15 #+{{pkg_install_name("abduco")}}
     16 #+{{pkg_install_name("nawk")}}
     17 #@sha256:{{files["default-policy.easyseccomp"]}}:default-policy.easyseccomp
     18 
     19 img="$pthbs_destdir{{versions}}/$pthbs_package/container-bin-image"
     20 mkdir -p "$img"
     21 easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
     22 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
     23 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
     24 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
     25 easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
     26 cd "$img"
     27 
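# Pass 1: copy every command whose name in the first PATH directory equals
# the basename of the file it resolves to, i.e. entries that are not argv0
# aliases. Only the first PATH entry is scanned, so the image receives
# exactly what that one directory exposes.
for cmd in "${PATH%%:*}"/*; do
	rp=$(realpath "$cmd")
	base=$(basename "$rp")
	# "$base" is quoted: an empty name or one containing whitespace would
	# otherwise change the number of arguments test sees.
	if test "$base" = "${cmd##*/}"; then
		# Refuse to overwrite a file that is already in the image
		# directory; a silent replacement would make it unclear which
		# binary ends up in the image.
		if test -e "./$base"; then
			printf "fatal: duplicate command file: '%s'\n" "$base" >&2
			exit 1
		fi
		# -p keeps mode and timestamps of the resolved file.
		cp -p "$rp" ./
	fi
done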
     40 
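# Pass 2: recreate argv0 aliases. An entry whose name differs from the
# basename of its resolved file becomes a relative symlink inside the image,
# so the image stays self-contained and relocatable.
for cmd in "${PATH%%:*}"/*; do
	rp=$(realpath "$cmd")
	base=$(basename "$rp")
	# "$base" is quoted so an empty or whitespace-containing name cannot
	# change the number of arguments test sees.
	if ! test "$base" = "${cmd##*/}"; then
		# The alias target may live outside the scanned directory and so
		# was not copied by the first pass; bring it in now.
		# NOTE(review): if ./$base already exists, it is assumed to be
		# the same file as $rp. Two different binaries sharing a basename
		# would make the alias resolve to whichever was copied first;
		# consider comparing them before linking.
		if ! test -f "./$base"; then
			cp -p "$rp" ./
		fi
		ln -s "./$base" "./${cmd##*/}"
	fi
done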
     52 
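# Fail the build if any command the image is expected to provide is missing
# or not executable.
for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
	if ! test -x "./$cmd"; then
		printf "fatal: expected command not found: '%s'\n" "$cmd" >&2
		exit 1
	fi
done
# Smoke test: run ./true on its own, then under the default seccomp filter.
# Both are checked so that the install marker below is never written for an
# image whose filter cannot be loaded.
# NOTE(review): only seccomp-default.bpf is exercised here; the ptrace,
# build, xpra and setuidgid filters are compiled but not load-tested.
# NOTE(review): seccomp-run is used here but is not in the expected-command
# list above, so its absence only surfaces as a failure of this line.
./true || exit
./seccomp-run ./seccomp-default.bpf ./true || exit


# Presumably a marker read by the installer once the image is complete.
# TODO confirm against the pthbs tooling.
touch "$pthbs_destdir{{versions}}/$pthbs_package/.install-links"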
     64 {% endblock %}