mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers

commit 60cb8c9c7f0770d3a9fae59da4418f469a1c7cf4
parent e0bfe13751f50ff2ea81859704ffa0605bf5d0dd
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Thu, 17 Dec 2020 15:59:24 +0100

Add scripts for constructing and entering the namespace.
Diffstat:
Asbin/ns_execline.zsh | 54++++++++++++++++++++++++++++++++++++++++++++++++++++++
Asbin/ns_run | 12++++++++++++
2 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/sbin/ns_execline.zsh b/sbin/ns_execline.zsh 
@@ -0,0 +1,54 @@
+#!/bin/zsh
+setopt no_unset
+el_escape() { # escape for execline
+ RESULT="\"${${${1}//\\/\\\\}//\"/\\\"}\""
+}
+
+ROOTSRC=$1
+shift
+el_escape $ROOTSRC; ROOT_EL=$RESULT
+
+: ${NS_TMPFS:=mnt/ns}
+el_escape $NS_TMPFS; NS_TMPFS_EL=$RESULT
+
+: ${NS_BIN_DIR:=/mnt/volumes/containers/bin}
+el_escape $NS_BIN_DIR:A; NS_BIN_EL+=( $RESULT )
+
+#: ${IF_BIN:=/mnt/volumes/containers/bin/if}
+#: ${BUSYBOX_BIN=/mnt/volumes/containers/bin/busybox}
+#binaries=()
+#el_escape $IF_BIN:A; binaries+=( $RESULT )
+#el_escape $BUSYBOX_BIN:A; binaries+=( $RESULT )
+
+printf '%s\n' "fdmove 0 3"
+printf '%s\n' "if { mount --rbind $ROOT_EL /mnt/chroot }"
+printf '%s\n' "cd /mnt/chroot"
+printf '%s\n' "foreground { cp /etc/resolv.conf etc/ }"
+printf '%s\n' "if { mount -t proc proc proc }"
+printf '%s\n' "if { s6-mount -nwt tmpfs -o nosuid,dev,mode=0755 dev dev }"
+printf '%s\n' "if { mknod -m 666 dev/null c 1 3 }"
+printf '%s\n' "if { mknod -m 666 dev/full c 1 7 }"
+printf '%s\n' "if { mknod -m 666 dev/ptmx c 5 2 }"
+printf '%s\n' "if { mknod -m 644 dev/random c 1 8 }"
+printf '%s\n' "if { mknod -m 644 dev/urandom c 1 9 }"
+printf '%s\n' "if { mknod -m 666 dev/zero c 1 5 }"
+printf '%s\n' "if { mknod -m 666 dev/tty c 5 0 }"
+printf '%s\n' "if { mkdir dev/shm dev/pts }"
+printf '%s\n' "if { mount -t devpts devpts dev/pts }"
+printf '%s\n' "if { s6-mount -nwt tmpfs -o nosuid,nodev,mode=1777 shm dev/shm }"
+printf '%s\n' "if { mount -o remount,ro dev }"
+if [[ $+NS_FSTAB == 1 && -n $NS_FSTAB ]]; then
+ printf '%s\n' "if { mount -a --fstab \"${${NS_FSTAB//\\/\\\\}//\"/\\\"}\" }"
+fi
+if [[ $+NS_EXTRA == 1 && -n $NS_EXTRA ]]; then
+ printf '\n%s\n\n' "$NS_EXTRA"
+fi
+printf '%s\n' "if { s6-mount -nwt tmpfs -o nosuid,nodev,mode=700 mnt_ns $NS_TMPFS_EL }"
+printf '%s\n' "if { mkdir $NS_TMPFS_EL/oldroot $NS_TMPFS_EL/bin }"
+printf '%s\n' "if { s6-hiercopy $NS_BIN_EL $NS_TMPFS_EL/bin }"
+printf '%s\n' "if { pivot_root . 
$NS_TMPFS_EL/oldroot }"
+awk -vROOT=/$NS_TMPFS/oldroot -vBIN=/$NS_TMPFS_EL/bin '$5 {print BIN"/if { "BIN"/if -n -t { "BIN"/busybox umount "ROOT $5" } "BIN"/busybox umount -l "ROOT $5" }" }' /proc/self/mountinfo | tac
+printf '%s' "./$NS_TMPFS_EL/bin/busybox chpst -/ ."
+#printf '%s' "./$NS_TMPFS_EL/bin/chpst -/ ."
+printf ' "%s"' "$@"
+printf '\n'
diff --git a/sbin/ns_run b/sbin/ns_run
@@ -0,0 +1,12 @@
+#!/bin/zsh
+add_args=( )
+for a in "$@"; do
+ # execline-safe escaping
+ add_args+=( \"${a//\\/\\\\}\" )
+done
+if [[ $$ != 1 ]]; then
+ echo >&2 "ns_run: fatal: not PID 1"
+ exit 2
+fi
+exec unshare -m -u -i /command/execlineb -c "foreground { importas -i HOST HOST hostname $HOST } fdmove -c 3 0 pipeline -d { /root/ns_execline.zsh $add_args } execlineb /dev/stdin"
+# exec unshare -m -u -i -n /command/execlineb -c "foreground { importas -i HOST HOST hostname $HOST } fdmove -c 3 0 pipeline -d { /root/ns_execline.zsh $add_args } execlineb /dev/stdin"
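Review bot: The generated umount lines on the `awk` line emit each mountinfo mount point (`$5`) into the execline program unquoted, unlike every other path in this file, which goes through `el_escape`; a host mount point containing whitespace, `"`, `{` or `}` (mountinfo octal-escapes whitespace and backslashes, e.g. `\040`) would be mis-tokenised by execlineb, so that entry would not be unmounted and the corresponding host mount would stay reachable under the old root inside the namespace. `ROOT` is also built from the raw `$NS_TMPFS` while `BIN` uses the quoted `$NS_TMPFS_EL`, so the two awk variables follow different conventions and only work because execlineb accepts quotes mid-word. If a well-behaved host mount table is an accepted assumption, state it next to the awk line: `# mountinfo field 5 is emitted unquoted; assumes no host mount point contains whitespace, quotes or braces`. Otherwise decode the octal escapes and apply the same backslash/double-quote escaping as el_escape inside the awk program before printing.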
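Review bot: The escaping loop in ns_run (`add_args+=( \"${a//\\/\\\\}\" )`) only doubles backslashes, so an argument containing a double quote closes the execline word early and the rest of the argument is parsed as part of the `-c` program, contrary to the `# execline-safe escaping` comment; `ns_execline.zsh` in this same commit escapes both characters, so use the same form here: `add_args+=( \"${${a//\\/\\\\}//\"/\\\"}\" )`. Separately, `$HOST` in the `exec unshare` line is expanded by zsh before execlineb sees the program, so the `importas -i HOST HOST` appears to have no effect on it (while still failing if HOST is absent from the environment); if execline-side substitution was intended, the reference needs to be `\$HOST`. The commented-out duplicate of the exec line that adds `-n` is dead code that will drift from the live line; a one-line comment stating that the network namespace is intentionally shared would document the choice more reliably.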