
commit 2b73f729dcff425ced5d73540c57701ba3a9d699
parent e0fbb5574dffdcccf3bb73556186ad817ef59f06
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date:   Fri, 18 Dec 2020 06:25:10 +0100

Assign loopback address after creating network namespace. Remove some (probably) unused code.
Diffstat:
Msbin/ns_run | 3++-
Mservice_scripts/generic/run | 11++++++++---
Mservice_scripts/xsession/run | 28+++++++++++++---------------
3 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/sbin/ns_run b/sbin/ns_run
@@ -23,9 +23,10 @@
 # import variables from environment, with defaults
 multisubstitute {
+ importas -D container HOST HOST
+ importas -D /mnt/chroot NS_ROOT NS_ROOT
 importas -D mnt/ns NS_TMPFS NS_TMPFS
 importas -D /mnt/volumes/containers/bin NS_BIN NS_BIN
- importas -D /mnt/chroot NS_ROOT NS_ROOT
 }
 # check we are PID1 (in a new PID namespace)
diff --git a/service_scripts/generic/run b/service_scripts/generic/run
@@ -18,12 +18,17 @@
 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { mount -a --fstab data/fstab }
-s6-envuidgid -B ${CONTAINER_USER}:${CONTAINER_USER}
-multisubstitute { importas -i UID UID importas -i GID GID }
+
+# Put UID/GID of user and their exclusive group (same group name as user name)
+#s6-envuidgid -B ${CONTAINER_USER}:${CONTAINER_USER}
+
+#multisubstitute { importas -i UID UID importas -i GID GID }
 env HOST=${CONTAINER_NAME}
- RUN_CHOWN=${UID}:${GID}
+ #RUN_CHOWN=${UID}:${GID}
 NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
+
+# Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
 s6-envuidgid ${CONTAINER_USER}
 /root/ns_run data/root /mnt/ns/bin/s6-applyuidgid -U ${CONTAINER_USER_HOME}/run/init
diff --git a/service_scripts/xsession/run b/service_scripts/xsession/run
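Review bot: The new `importas -D container HOST HOST` default in the multisubstitute block is undocumented, and it matters because service_scripts/xsession/run in this same commit drops its explicit `HOST=carbon`, so that service now picks up the literal `container` whenever HOST is not already exported by whatever starts it, while generic/run still sets `HOST=${CONTAINER_NAME}` explicitly. Presumably HOST becomes the container's hostname further down in ns_run, which is outside the hunk, so it is worth confirming the fallback is intended rather than a leftover. A one-line comment above the importas would make the contract explicit, e.g. `# HOST: name the container runs under; callers export it, "container" is only a fallback`.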
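Review bot: The `s6-envuidgid -B`, `multisubstitute { importas -i UID UID ... }` and `RUN_CHOWN=${UID}:${GID}` lines are commented out rather than deleted, so the script keeps three lines of dead code under a heading (`# Put UID/GID of user and their exclusive group ...`) that now describes something it no longer does, even though the commit message says the code is removed. Since git keeps the history, deleting those commented lines and the heading is cleaner; if they are kept on purpose, the heading should say so, e.g. `# RUN_CHOWN plumbing disabled: believed unused by ns_run -- TODO confirm, then delete`. The head of the script is outside the hunk, so whether anything else still expands UID or GID cannot be checked from here.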
@@ -16,23 +16,21 @@
 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { mount -a --fstab data/fstab }
+
+# Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
 s6-envuidgid ${CONTAINER_USER}
-if { env HOME=${CONTAINER_USER_HOME} s6-applyuidgid -U ${CONTAINER_USER_HOME}/xsession-setup ${CONTAINER_TMPFS} 6 }
+
+# Run user's script to populate /home /run and/or /tmp
+if {
+ env HOME=${CONTAINER_USER_HOME}
+ s6-applyuidgid -U
+ ${CONTAINER_USER_HOME}/xsession-setup ${CONTAINER_TMPFS} 6
+}
+
 env
- HOST=carbon
 NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
-unshare -n
-/root/ns_run data/root /mnt/ns/bin/s6-applyuidgid -U /run/init
+unshare -n # make new network namespace
+if { ip addr add 127.0.0.1/24 dev lo }
-# if { rm -rf /run/containers/xsession.6.ccx }
-# if { mkdir -p /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
-# if { chmod 1770 /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
-# if { chown root:ccx /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
-# if { mount -a --fstab /mnt/volumes/containers/user/ccx/xsession.6/fstab }
-# if { env HOME=/home/ccx s6-applyuidgid -u 1000 -g 100 -G 1000 /home/ccx/xsession-setup /run/containers/xsession.6.ccx 6 }
-# env
-# HOST=carbon
-# NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
-# unshare -n
-# /root/ns_run /mnt/volumes/containers/user/ccx/xsession.6/root /mnt/ns/bin/s6-applyuidgid -u 1000 -g 100 -G 1000 /run/init
+/root/ns_run data/root /mnt/ns/bin/s6-applyuidgid -U /run/init
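Review bot: `if { ip addr add 127.0.0.1/24 dev lo }` assigns an address but never brings the interface up, and `lo` starts DOWN in a freshly unshared network namespace, so loopback traffic inside the container will still fail until it is activated; add `if { ip link set dev lo up }` directly after the addr line. The prefix is also non-standard: loopback is conventionally `127.0.0.1/8`, so with /24 a service binding to, say, 127.0.1.1 would have no route. Running this as root between `unshare -n` and the `s6-applyuidgid -U` privilege drop is the right place for it, since CAP_NET_ADMIN is required. The hunk appears to end at the script's last line, but the head of the script is outside it.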