container-bin-image (2224B)
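#!/usr/bin/env pthbs-build
#+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3
#+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc
#+busybox-login.017a86259417733b5da3c777acd5f2d4f6e3cfbf99d40440d952c2fe30d8e883
#+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f
#+s6.087ce2658d9f8b1c38f8f6999d2cfef0bf3b53afaf07f01495091883c154899e
#+ccx-utils.ab28a8d701f60db69818ef22c546d02eca1ba3900bcdeaf5676bcc13d4b7f114
#+applyuidgid-caps.9856a13db04a0f0192c4208744de2c649db2ae721dc0d0dd37eb90346236a514
#+easyseccomp.6631f58c9fe090f2b2becc5ac606901736aba4ad2a0075f6402bec85eaa3df7b
#+mlog.a63c78a5967e11f6fcac02b7eced93c023b82172f901e0f3929fad33b591f676
#@sha256:b9236c0fd504ffbc56f65d0522d2acadcd2683380eaa6f1873e8201eaa7388a5:default-policy.easyseccomp

# Builds the container-bin-image directory:
#   1. compiles five seccomp filter variants from the hash-pinned
#      default-policy.easyseccomp,
#   2. copies every command found in the first PATH entry into the image,
#      recreating argv0 aliases as relative symlinks,
#   3. checks that a set of expected commands is present and that the default
#      filter can be loaded.
#
# NOTE(review): the bare smoke-test commands at the end only have an effect if
# a failing command aborts the script, so pthbs-build presumably already runs
# this with errexit (TODO confirm). Enabling it here is then a no-op; if it was
# not enabled, a failed step now stops the build instead of producing an image
# with a missing filter or a broken link.
set -e

# Print a fatal diagnostic on stderr and abort the build.
die() {
  printf 'fatal: %s\n' "$1" >&2
  exit 1
}

img="$pthbs_destdir/home/ccx/versions/$pthbs_package/container-bin-image"
mkdir -p "$img" || die "cannot create image directory"

# Every profile is compiled from the same pinned policy; they differ only in
# the names passed with -d. Judging by those names, each -d relaxes one part of
# the default policy (ptrace, nested seccomp/landlock, setuid/setgid); verify
# against default-policy.easyseccomp before relying on that.
# A filter that fails to compile must stop the build (fail closed): nothing in
# this script shows what a consumer does with a missing or truncated .bpf file.
easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf" \
  || die "cannot compile seccomp-default.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf" \
  || die "cannot compile seccomp-ptrace.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf" \
  || die "cannot compile seccomp-build.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf" \
  || die "cannot compile seccomp-xpra.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf" \
  || die "cannot compile seccomp-setuidgid.bpf"

# The loops below glob the first PATH entry *after* changing into the image
# directory, so an empty or relative entry would be resolved against the image
# (or against /) instead of the dependency bin directory. Reject it up front.
bindir=${PATH%%:*}
case $bindir in
  /*) ;;
  *) die "first PATH entry is not an absolute directory" ;;
esac

# Without this check a failed cd would make the copies land in the build's
# current directory.
cd "$img" || die "cannot enter image directory"

# first commands without argv0 aliases
# (entries whose resolved file name equals the command name are real files;
# cp -p keeps their mode, ownership and timestamps)
for cmd in "$bindir"/*; do
  rp=$(realpath "$cmd") || die "cannot resolve command path"
  base=$(basename "$rp")
  # "$base" is quoted so a name with whitespace, or an empty value, cannot
  # change how test parses its arguments.
  if test "$base" = "${cmd##*/}"; then
    if test -e "./$base"; then
      printf "fatal: duplicate command file: '%s'\n" "$base" >&2
      exit 1
    fi
    cp -p "$rp" ./
  fi
done

# now alias using symlinks
# (entries whose resolved file name differs from the command name are argv0
# aliases: make sure the target binary is in the image, then link the alias
# name to it with a relative symlink so the image stays relocatable)
for cmd in "$bindir"/*; do
  rp=$(realpath "$cmd") || die "cannot resolve command path"
  base=$(basename "$rp")
  if ! test "$base" = "${cmd##*/}"; then
    if ! test -f "./$base"; then
      cp -p "$rp" ./
    fi
    ln -s "./$base" "./${cmd##*/}"
  fi
done

# Sanity check: these commands must exist and be executable in the image.
for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
  if ! test -x "./$cmd"; then
    printf "fatal: expected command not found: '%s'\n" "$cmd" >&2
    exit 1
  fi
done

# Smoke tests: a copied binary runs, and it still runs with the default filter
# loaded through seccomp-run.
# NOTE(review): only seccomp-default.bpf is exercised here; the ptrace, build,
# xpra and setuidgid profiles are compiled but never loaded at build time.
# Consider running the same check against each of them.
./true || die "smoke test failed: ./true"
./seccomp-run ./seccomp-default.bpf ./true \
  || die "smoke test failed: ./true under seccomp-default.bpf"


# Marker file next to the image directory; presumably read by a later install
# step (its consumer is not visible in this script).
touch "$pthbs_destdir/home/ccx/versions/$pthbs_package/.install-links"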