commit 2623d2a602cee2ef7a388ad04b46b0eb3fb3dfb1
parent ae88a8a8e21fbf6f55844639b4e64b75519deb0c
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Fri, 18 Dec 2020 06:03:42 +0100
Clarify wording of some comments.
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sbin/ns_run b/sbin/ns_run
@@ -4,13 +4,14 @@
##
## Creates isolated namespace/container with given root and runs given
## executable in it.
+##
## Environment variables used:
## HOST - hostname to set
## NS_ROOT - where to bind-mount the root directory
## NS_EXTRA - extra execline script to run after setting up the namespaces
## and mounting essential filesystems but before entering it
## and unmounting host filesystem
-## NS_FSTAB - file with extra mounts to make after running above script
+## NS_FSTAB - file with extra mounts to perform after running above script
## NS_TMPFS - place to store binaries in the container that are run
## before dropping privs, relative path from new root
## NS_BIN - directory to get said binaries from; currently needs:
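Review bot: The environment-variable list in this header never states that the variables are trusted input, and the reworded NS_FSTAB line is a natural place to say so. By the header's own description, NS_EXTRA is an execline script run before the host filesystem is unmounted, and NS_FSTAB drives extra mounts performed after it. Both are presumably processed while the script still holds the privileges that the NS_TMPFS entry refers to, though that is not visible in this hunk. I would add a line such as `## NS_EXTRA and NS_FSTAB are executed/mounted by this script itself; set them only from a trusted environment.` The variable list continues past the end of this hunk.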
@@ -40,7 +41,8 @@ unexport PID
unshare -m -u -i # new mount, UTS and IPC namespaces
foreground { importas -i HOST HOST hostname $HOST }
-# We will generate final script we exec into before we start mounting anything,
+# We will generate final script we will exec into to enter the container.
+# We need to generate it before we start mounting anything,
# so only the mountpoints that exist at this point will get unmounted and
# everything we will mount below will stay.
backtick -i NS_FINAL_SCRIPT {