mrrl-containers

MRRL version of container scripts

commit 4d3d1afaf628d5d8d18f43601d57f2539b74fc8b
parent 1ebc1659d60b747b4f6fda78a39bc28e60318ee9
Author: ccx <ccx@te2000.cz>
Date:   Sat, 20 Jul 2024 23:34:37 +0000

Use ns_run_unshared everywhere

Diffstat:
Msbin/container_sysroot_run | 5++---
Msbin/ns_run_unshared | 4++--
Mservice_scripts/sysroot/run | 3++-
3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/sbin/container_sysroot_run b/sbin/container_sysroot_run
@@ -38,7 +38,7 @@
 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }
-unshare -m # new mount namespace
+unshare -m -u -i # new mount, UTS and IPC namespaces
 if { mount -a -T data/fstab }
 # Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
@@ -46,12 +46,11 @@
 s6-envuidgid ${CONTAINER_USER}
 env HOST=${CONTAINER_NAME}
-# NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
 emptyenv -c
 export NS_NO_PID1 1
 pidns_run
-ns_run data/root
+ns_run_unshared data/root { }
 /mnt/ns/bin/s6-applyuidgid -U
 $@
diff --git a/sbin/ns_run_unshared b/sbin/ns_run_unshared
@@ -1,8 +1,8 @@
 #!/command/execlineb
-## usage: ns_run <root_directory> <executable> [<arg1> ...]
+## usage: ns_run_unshared <root_directory> { extra_command } <executable> [<arg1> ...]
 ##
-## Creates isolated namespace/container with given root and runs given
+## Prepares isolated namespace/container with given root and runs given
 ## executable in it.
 ##
 ## Environment variables used:
diff --git a/service_scripts/sysroot/run b/service_scripts/sysroot/run
@@ -33,6 +33,7 @@
 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }
+unshare -m -u -i # new mount, UTS and IPC namespaces
 if { mount -a -T data/fstab }
 # Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
@@ -53,7 +54,7 @@
 env NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
 emptyenv -c
-ns_run data/root
+ns_run_unshared data/root { }
 /mnt/ns/bin/s6-applyuidgid -U
 env HOME=/root
 /run/init
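Review bot: `unshare -m -u -i` opens the mount namespace without stating its propagation mode, so whether the `mount -a -T data/fstab` on the next line can propagate back into the host's mount table depends on which unshare binary is installed: util-linux's unshare defaults to `--propagation private` when -m is given, but I cannot tell from the diff which implementation this image ships, and other implementations should be checked. Where the flag is supported, making it explicit costs one word, `unshare -m -u -i --propagation private # new mount, UTS and IPC namespaces; mounts must not leak to the host`. The same line is added verbatim in service_scripts/sysroot/run and needs the same treatment. The enclosing script continues outside the hunk on both sides.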
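Review bot: `env NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"` is kept directly above the new `ns_run_unshared data/root { }` line, while the usage comment changed in sbin/ns_run_unshared now documents an `{ extra_command }` argument and the block passed here is empty; the body of ns_run_unshared is not in this diff, so I cannot tell whether NS_EXTRA is still read. If the block replaced the variable, the read-only bind mounts of the host's passwd and group files silently stop happening and the container runs with whatever those files are inside data/root, so the two `if { mount -o bind,ro ... }` commands should move into the `{ }` block and the `env NS_EXTRA=...` line be dropped. If both mechanisms remain supported, a short comment on the empty block saying that NS_EXTRA carries the mounts, and keeping NS_EXTRA in the "Environment variables used:" list of ns_run_unshared (which continues outside its hunk), would make the intent clear to the next reader. This script continues past the hunk into `env HOME=/root` and `/run/init`.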