commit 34fd3229bdbebea0c26ac24b58fc353f9dcec66b
parent 1cb47b4c736b921c9b977dd0efef940800814e8b
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Wed, 16 Dec 2020 16:24:48 +0100
service scripts
Diffstat:
4 files changed, 96 insertions(+), 0 deletions(-)
diff --git a/service_scripts/generic/finish b/service_scripts/generic/finish
@@ -0,0 +1,12 @@
+#!/command/execlineb
+s6-envdir env
+multisubstitute {
+ importas -i CONTAINER_NAME CONTAINER_NAME
+ importas -i CONTAINER_USER CONTAINER_USER
+}
+multisubstitute {
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+ define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+}
+foreground { umount --recursive ${CONTAINER_DATA}/union }
+rm -rf ${CONTAINER_TMPFS}
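Review bot: The path given to `rm -rf` is built from `CONTAINER_NAME` and `CONTAINER_USER` with no validation, and `importas -i` only insists that each variable is set. An empty value, or one containing `/` or `..`, would point the delete (and the `umount --recursive`) outside `/run/containers` and the per-user data tree. I would add a guard before the `define` lines that exits unless both values are non-empty, contain no `/`, and are not `.` or `..`. The same unchecked interpolation appears in generic/run, xsession/finish and xsession/run. Worth confirming as well that the `env` directory read by `s6-envdir` is writable only by root.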
diff --git a/service_scripts/generic/run b/service_scripts/generic/run
@@ -0,0 +1,29 @@
+#!/command/execlineb
+#define CONTAINER_NAME alpine-games
+#define CONTAINER_USER ccx
+s6-envdir env
+multisubstitute {
+ importas -i CONTAINER_NAME CONTAINER_NAME
+ importas -i CONTAINER_USER CONTAINER_USER
+}
+backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
+multisubstitute {
+ importas -i CONTAINER_USER_HOME CONTAINER_USER_HOME
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+ define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+ define -s tmpfs_dirs "home run tmp inbox run/inbox tmp/.X11-unix"
+}
+if { rm -rf ${CONTAINER_TMPFS} }
+if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { mount -a --fstab /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}/fstab }
+s6-envuidgid -B ${CONTAINER_USER}:${CONTAINER_USER}
+multisubstitute { importas -i UID UID importas -i GID GID }
+env
+ HOST=${CONTAINER_NAME}
+ RUN_CHOWN=${UID}:${GID}
+ NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
+s6-envuidgid ${CONTAINER_USER}
+/root/ns_run /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}/union
+/mnt/ns/bin/s6-applyuidgid -U ${CONTAINER_USER_HOME}/run/init
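Review bot: `mount -a --fstab` is given a file that lives under the per-user data directory, and nothing in the hunk shows who may write it. If `CONTAINER_USER` can write there, that user decides what gets mounted and with which options before any privilege drop, so the fstab should be root-owned in a directory the user cannot modify, or its ownership checked first. xsession/run mounts from the same location. Separately, `CONTAINER_DATA` is defined but unused here; the mount line and the `/root/ns_run` argument spell the path out again and could read `if { mount -a --fstab ${CONTAINER_DATA}/fstab }` and `/root/ns_run ${CONTAINER_DATA}/union`, as xsession/run does.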
diff --git a/service_scripts/xsession/finish b/service_scripts/xsession/finish
@@ -0,0 +1,17 @@
+#!/command/execlineb
+s6-envdir env
+multisubstitute {
+ importas -i CONTAINER_NAME CONTAINER_NAME
+ importas -i CONTAINER_USER CONTAINER_USER
+}
+multisubstitute {
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+ define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+}
+foreground { umount ${CONTAINER_TMPFS}/home }
+foreground { umount ${CONTAINER_TMPFS}/run }
+foreground { umount ${CONTAINER_TMPFS}/inbox }
+foreground { umount ${CONTAINER_TMPFS}/tmp }
+foreground { umount --recursive ${CONTAINER_DATA}/root }
+rm -rf ${CONTAINER_TMPFS}
+#rm -rf /run/containers/xsession.6.ccx
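Review bot: Each `umount` is wrapped in `foreground`, so its exit status is discarded and the final `rm -rf ${CONTAINER_TMPFS}` runs even when `home`, `run`, `inbox` or `tmp` is still mounted (for example busy). The recursive delete then descends into whatever is mounted there and removes its contents. I would guard the delete per directory, e.g. `if -n { mountpoint -q ${CONTAINER_TMPFS}/home }` before the `rm`, so it is skipped while a mount remains. The unconditional `if { rm -rf ${CONTAINER_TMPFS} }` at the top of xsession/run and generic/run has the same exposure when a previous finish left something mounted. The trailing commented-out `#rm -rf /run/containers/xsession.6.ccx` can be dropped.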
diff --git a/service_scripts/xsession/run b/service_scripts/xsession/run
@@ -0,0 +1,38 @@
+#!/command/execlineb
+s6-envdir env
+multisubstitute {
+ importas -i CONTAINER_NAME CONTAINER_NAME
+ importas -i CONTAINER_USER CONTAINER_USER
+}
+backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
+multisubstitute {
+ importas -i CONTAINER_USER_HOME CONTAINER_USER_HOME
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+ define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+ define -s tmpfs_dirs "home run tmp inbox run/inbox tmp/.X11-unix"
+}
+if { rm -rf ${CONTAINER_TMPFS} }
+if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { mount -a --fstab ${CONTAINER_DATA}/fstab }
+s6-envuidgid ${CONTAINER_USER}
+if { env HOME=${CONTAINER_USER_HOME} s6-applyuidgid -U ${CONTAINER_USER_HOME}/xsession-setup ${CONTAINER_TMPFS} 6 }
+env
+ HOST=carbon
+ NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
+unshare -n
+/root/ns_run ${CONTAINER_DATA}/root /mnt/ns/bin/s6-applyuidgid -U /run/init
+
+
+# if { rm -rf /run/containers/xsession.6.ccx }
+# if { mkdir -p /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
+# if { chmod 1770 /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
+# if { chown root:ccx /run/containers/xsession.6.ccx/home /run/containers/xsession.6.ccx/run /run/containers/xsession.6.ccx/tmp }
+# if { mount -a --fstab /mnt/volumes/containers/user/ccx/xsession.6/fstab }
+# if { env HOME=/home/ccx s6-applyuidgid -u 1000 -g 100 -G 1000 /home/ccx/xsession-setup /run/containers/xsession.6.ccx 6 }
+# env
+# HOST=carbon
+# NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
+# unshare -n
+# /root/ns_run /mnt/volumes/containers/user/ccx/xsession.6/root /mnt/ns/bin/s6-applyuidgid -u 1000 -g 100 -G 1000 /run/init
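Review bot: The trailing commented-out block is the older hard-coded variant of the script above (fixed `xsession.6.ccx` paths, `-u 1000 -g 100 -G 1000`) and should be removed rather than committed, since it will drift from the live code and invites copying fixed ids. Two values in the live part are still hard-coded: `HOST=carbon`, where generic/run uses `HOST=${CONTAINER_NAME}`, and the display number `6` passed to `xsession-setup`. If these are intentional, a one-line comment such as `# display number; must match the X server started for this session` would document it; otherwise they could come from the `env` directory like the other settings.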