mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

container-bin-image (2206B)


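#!/usr/bin/env pthbs-build
#+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089
#+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123
#+busybox-login.19a5724cd3a76ecbed82750382269167ba73ff4db653a5b429e597cd5f988741
#+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9
#+s6.43f7ad2aaeb2646da287c5bddf7c29c44d3f7b68a976beee75b60da44b54759e
#+ccx-utils.ccaa449ada3142ef075f3c80a6e475520219814490557f308ded4685231a70ac
#+applyuidgid-caps.2d571b717bda734b4464e7d3b36bb2c9eaa265fffd595bc090cbb137258121b8
#+easyseccomp.a69f369af91163a534bf0d1bf51c74cd98c971d7eb5f61c2ee29afb6ba7a9344
#+mlog.3a2fb37a92813d4c8700d3f9eb95753b0f2b72d5de13f03ba2f52fc0732ac487
#@sha256:b9236c0fd504ffbc56f65d0522d2acadcd2683380eaa6f1873e8201eaa7388a5:default-policy.easyseccomp

# Build the container-bin-image directory: compiled seccomp filters plus a
# flat copy of every command found in the first PATH entry, with multi-call
# aliases recreated as relative symlinks.
#
# Reads:  $pthbs_destdir, $pthbs_package, the first component of $PATH,
#         and default-policy.easyseccomp from the working directory.
# Writes: $pthbs_destdir/versions/$pthbs_package/container-bin-image/ and the
#         .install-links marker next to it.
#
# NOTE(review): it is not visible from this file whether pthbs-build enables
# errexit, so every step whose failure would leave a broken or unfiltered
# image is checked explicitly.

# Print a fatal diagnostic on stderr and abort the build.
die() {
	printf 'fatal: %s\n' "$*" >&2
	exit 1
}

img="$pthbs_destdir/versions/$pthbs_package/container-bin-image"
mkdir -p "$img" || die "cannot create '$img'"

# Compile one BPF filter per profile from the same pinned policy source.
# Each -d passes a define to easyseccomp; presumably the policy widens the
# allowed syscall set when a define is present (confirm against
# default-policy.easyseccomp). A failed compile must not leave a missing or
# partial filter in the image, hence the explicit checks.
easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf" \
	|| die "cannot compile seccomp-default.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf" \
	|| die "cannot compile seccomp-ptrace.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf" \
	|| die "cannot compile seccomp-build.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf" \
	|| die "cannot compile seccomp-xpra.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf" \
	|| die "cannot compile seccomp-setuidgid.bpf"

# Everything below uses paths relative to the image directory; continuing
# after a failed cd would copy binaries into the wrong place.
cd "$img" || die "cannot enter '$img'"

# first commands without argv0 aliases
# An entry is a "real" command when the basename of its resolved path equals
# its own name; those are copied as regular files.
for cmd in "${PATH%%:*}"/*; do
	rp=$(realpath "$cmd")
	base=$(basename "$rp")
	if test "$base" = "${cmd##*/}"; then
		# Two different sources under one name would silently shadow
		# each other in the image, so treat that as a build error.
		if test -e "./$base"; then
			die "duplicate command file: '$base'"
		fi
		cp -p "$rp" ./
	fi
done

# now alias using symlinks
# An entry whose resolved basename differs from its own name is an argv0
# alias (multi-call binary); copy the target once and link the alias to it.
for cmd in "${PATH%%:*}"/*; do
	rp=$(realpath "$cmd")
	base=$(basename "$rp")
	if ! test "$base" = "${cmd##*/}"; then
		# NOTE(review): an existing ./$base is reused by name only. If
		# two aliases resolve to different files that share a basename,
		# the later alias is linked to the first copy without any
		# content comparison -- confirm this cannot happen with the
		# pinned packages.
		if ! test -f "./$base"; then
			cp -p "$rp" ./
		fi
		ln -s "./$base" "./${cmd##*/}"
	fi
done

# Sanity check: these commands are required to be present and executable in
# the finished image.
for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
	if ! test -x "./$cmd"; then
		die "expected command not found: '$cmd'"
	fi
done

# Smoke test: the copied binaries must run, and the default filter must load
# and still permit a trivial program. Only seccomp-default.bpf is exercised
# here; the ptrace, build, xpra and setuidgid profiles are compiled above but
# not loaded by this script.
./true || die "copied ./true does not run"
./seccomp-run ./seccomp-default.bpf ./true \
	|| die "./true failed under seccomp-default.bpf"


# Marker file, created only after every check above has passed (presumably
# consumed by pthbs when installing the package -- not visible here).
touch "$pthbs_destdir/versions/$pthbs_package/.install-links"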