commit a88fa3b7cd5c50ee99b2d87287946a8a08e2827c
parent 4d5602b21cb2e8876159dace952d3ba0672e4c7c
Author: Jan Pobříslo <ccx@te2000.cz>
Date: Wed, 20 Oct 2021 00:19:05 +0000
Fix getent, add alsa template which mounts /dev/snd
Diffstat:
4 files changed, 121 insertions(+), 6 deletions(-)
diff --git a/service_scripts/alsa/finish b/service_scripts/alsa/finish
@@ -0,0 +1,12 @@
+#!/command/execlineb
+s6-envdir env
+multisubstitute {
+ importas -i CONTAINER_NAME CONTAINER_NAME
+ importas -i CONTAINER_USER CONTAINER_USER
+}
+multisubstitute {
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+# define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+}
+foreground { umount --recursive data/root }
+rm -rf ${CONTAINER_TMPFS}
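Review bot: The final `rm -rf ${CONTAINER_TMPFS}` deletes a path assembled from the `env/` values without checking them, and `importas -i` only insists that the variables exist. An empty value, or one containing `/` or `..`, would point the recursive delete somewhere other than a directory under `/run/containers`. I would add `if { test -n ${CONTAINER_NAME} }` and `if { test -n ${CONTAINER_USER} }` before the `define`, reject values containing `/`, and add a comment such as `# CONTAINER_NAME and CONTAINER_USER must be single path components: they select what rm -rf removes`. The `if { rm -rf ${CONTAINER_TMPFS} }` line in `service_scripts/alsa/run` builds the same path and needs the same guard.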
diff --git a/service_scripts/alsa/run b/service_scripts/alsa/run
@@ -0,0 +1,47 @@
+#!/command/execlineb
+#define CONTAINER_NAME alpine-games
+#define CONTAINER_USER ccx
+s6-envdir env
+multisubstitute {
+ importas -i -u CONTAINER_NAME CONTAINER_NAME
+ importas -i -u CONTAINER_USER CONTAINER_USER
+}
+backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
+multisubstitute {
+ importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+# define CONTAINER_DATA /mnt/volumes/containers/user/${CONTAINER_USER}/${CONTAINER_NAME}
+ define -s tmpfs_dirs "home run tmp inbox run/inbox tmp/.X11-unix"
+}
+
+getpid NS_PID
+foreground {
+ importas -i NS_PID NS_PID
+ if { test -d /run/cgroup2 }
+ if { mkdir -p /run/cgroup2/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
+ redirfd -w 1 /run/cgroup2/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
+ printf "%s" ${NS_PID}
+}
+
+if { rm -rf ${CONTAINER_TMPFS} }
+if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { mount -a --fstab data/fstab }
+
+# Put UID/GID of user and their exclusive group (same group name as user name)
+#s6-envuidgid -B ${CONTAINER_USER}:${CONTAINER_USER}
+
+#multisubstitute { importas -i UID UID importas -i GID GID }
+env
+ HOST=${CONTAINER_NAME}
+ #RUN_CHOWN=${UID}:${GID}
+ NS_EXTRA="if { mount -o bind,ro /dev/snd dev/snd } if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"
+
+# Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
+s6-envuidgid ${CONTAINER_USER}
+emptyenv -c
+ns_run data/root
+/mnt/ns/bin/s6-applyuidgid -U
+env HOME=${CONTAINER_USER_HOME}
+${CONTAINER_USER_HOME}/run/init
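Review bot: The three bind mounts listed in `NS_EXTRA` use only `bind,ro`, so the `/dev/snd` mount loses the `nosuid` that the `fstab_post` entry removed from `confz_site_containers_init` in this commit used to carry. `mount -o bind,ro,nosuid,noexec /dev/snd dev/snd` would restore it, and `nosuid,nodev,noexec` could likewise go on the `etc/passwd` and `etc/group` binds. A read-only bind mount also does not block writes to the device nodes themselves, so access to the sound devices still depends on the node permissions and on the groups that `s6-envuidgid` puts in GIDLIST. A comment such as `# ro only protects the directory entries; device access is governed by node permissions` would stop readers from taking `ro` as an audio restriction. Binding the host's `/etc/passwd` and `/etc/group` exposes every host account and group name to the container, which deserves a one-line comment if it is intended.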
diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init
@@ -114,8 +114,8 @@ confz_container_service_generic_check() {
defvar container_name "$vars[image_name]"
container=$vars[container_name]
- uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \
- gid="${${(s.:.)"$(getent group ccx)"}[3]}" \
+ uid="${${(s.:.)"$(getent passwd $vars[user])"}[3]}" \
+ gid="${${(s.:.)"$(getent group $vars[user])"}[3]}" \
require fs_d filename=$vars[containers_dir]/user/$vars[user]
require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
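Review bot: The `uid=`/`gid=` lookups now depend on `$vars[user]`, but nothing checks that `getent` found an entry, so an unknown user, or a user without a same-named group, leaves both variables empty. In the new `confz_container_service_alsa_check` those values feed `owner=0:$gid`, `owner=$uid:$gid` and `control_user=$uid control_group=$gid`, which would then be handed empty ownership fields. The effect depends on how `fs_o` and the preset treat them, which is not visible here. A guard straight after the assignments, for example `[[ $uid == <-> && $gid == <-> ]] || return 1` (or whatever failure convention confz checks use), would stop the check before it touches the filesystem. The same applies to the identical lookups in the alsa and xsession hunks below; the enclosing function continues outside this hunk.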
@@ -163,6 +163,63 @@ confz_container_service_generic_check() {
content=$container
}
+confz_container_service_alsa_check() {
+ local uid gid container_user_dir svc_dir container
+ local -a fstab
+ checkvars containers_dir svscan_dir image_name user
+ defvar fstab_extra ''
+ defvar container_name "$vars[image_name]"
+ container=$vars[container_name]
+
+ uid="${${(s.:.)"$(getent passwd $vars[user])"}[3]}" \
+ gid="${${(s.:.)"$(getent group $vars[user])"}[3]}" \
+
+ require fs_d filename=$vars[containers_dir]/user/$vars[user]
+ require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/user/$vars[user] owner=0:$gid
+
+ container_user_dir=$vars[containers_dir]/user/$vars[user]/$container
+ require fs_d filename=$container_user_dir
+ require fs_m filename=$container_user_dir mode=751
+ require fs_o filename=$container_user_dir owner=0:$gid
+
+ require fs_d filename=$container_user_dir/root
+
+ require fs_d filename=$container_user_dir/home
+ require fs_m filename=$container_user_dir/home mode=751
+ require fs_o filename=$container_user_dir/home owner=0:$gid
+
+ require fs_d filename=$container_user_dir/home/$vars[user]
+ require fs_o filename=$container_user_dir/home/$vars[user] owner=$uid:$gid
+
+ require fs_d filename=$vars[containers_dir]/home/$vars[user]
+ require fs_m filename=$vars[containers_dir]/home/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/home/$vars[user] owner=0:$gid
+
+ require fs_l filename=$vars[containers_dir]/home/$vars[user]/$container \
+ destination=../../user/$vars[user]/$container/home/$vars[user]
+
+ fstab=(
+ $vars[containers_dir]/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0'
+ $container_user_dir/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$container.$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$container.$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$container.$vars[user]/inbox$'\t'$container_user_dir/root/.inbox$'\tnone\tbind,ro,nosuid,nodev\t0 0'
+ "${(f@)vars[fstab_extra]}"
+ )
+
+ svc_dir=$vars[svscan_dir]/container.$container.$vars[user]
+ require container_service_preset preset=alsa \
+ svc_dir=$svc_dir control_user=$uid control_group=$gid \
+ root_link=$container_user_dir/root \
+ fstab=${(F)fstab} \?down \?fstab_post
+ require fs_d filename=$svc_dir/env
+ require fs_contentnl filename=$svc_dir/env/CONTAINER_USER \
+ content=$vars[user]
+ require fs_contentnl filename=$svc_dir/env/CONTAINER_NAME \
+ content=$container
+}
+
confz_container_service_xsession_check() {
local uid gid container_user_dir svc_dir container
local -a fstab
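Review bot: In `confz_container_service_alsa_check` the `uid=` and `gid=` lines both end in a line-continuation backslash, so the two assignments only stay ordinary assignments because a blank line follows them. If that blank line is ever removed, they would join the next `require fs_d …` as prefix assignments, presumably scoped to that one call, and the later `owner=0:$gid` and `control_user=$uid` would see the empty `local` values. Dropping the backslashes makes the intent explicit: `uid="${${(s.:.)"$(getent passwd $vars[user])"}[3]}"` and `gid="${${(s.:.)"$(getent group $vars[user])"}[3]}"` on separate lines. A short header comment noting that this check differs from the generic one only in `preset=alsa`, if that is the case, would also help, since the body looks like a copy of it.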
@@ -170,8 +227,8 @@ confz_container_service_xsession_check() {
defvar fstab_extra ''
container=xsession.$vars[display_number]
- uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \
- gid="${${(s.:.)"$(getent group ccx)"}[3]}" \
+ uid="${${(s.:.)"$(getent passwd $vars[user])"}[3]}" \
+ gid="${${(s.:.)"$(getent group $vars[user])"}[3]}" \
require fs_d filename=$vars[containers_dir]/user/$vars[user]
require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -18,9 +18,8 @@ confz_site_containers_user_check() {
done
bindroot=$vars[containers_dir]/user/$vars[user]/alpine-jack/root
- require container_service_generic \
+ require container_service_alsa \
image_name=alpine-jack \
- fstab_post=/dev/snd$'\t'$bindroot/dev/snd$'\tnone\tbind,nosuid\t0 0' \
:containers_dir :svscan_dir :user
# bind-mounts for alpine-dev
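Review bot: With the `fstab_post=` argument removed, the `bindroot=$vars[containers_dir]/user/$vars[user]/alpine-jack/root` assignment just above the `require` no longer has a visible use in this hunk. If nothing later in `confz_site_containers_user_check` reads it before it is reassigned, it should be deleted so the function does not suggest that a `/dev/snd` fstab entry is still generated here. The function continues outside the hunk, so this needs checking against the full file.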