mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers

commit e8693079f23f531278f820e06d88f41de5d9642b
parent 4d3d1afaf628d5d8d18f43601d57f2539b74fc8b
Author: ccx <ccx@te2000.cz>
Date:   Sat, 20 Jul 2024 23:44:34 +0000

Reimplement ns_run using ns_run_unshared

Diffstat:
Msbin/ns_run | 87+++++--------------------------------------------------------------------------
1 file changed, 5 insertions(+), 82 deletions(-)

diff --git a/sbin/ns_run b/sbin/ns_run 
@@ -22,88 +22,11 @@ ## All statically linked of course. ## NS_NO_PID1 - Allow not running as init process of the namespace. -# import variables from environment, with defaults -multisubstitute { - importas -D container HOST HOST - importas -D /mnt/chroot NS_ROOT NS_ROOT - importas -D mnt/ns NS_TMPFS NS_TMPFS - importas -D /mnt/volumes/containers/bin NS_BIN NS_BIN -} - -# check we are PID1 (in a new PID namespace) -getpid PID -ifelse { - importas -D "" NS_NO_PID1 NS_NO_PID1 - importas -i PID PID - test -z ${NS_NO_PID1} -a 1 -ne $PID -} { - fdmove -c 1 2 - foreground { echo "ns_run: fatal: not PID 1" } - exit 111 -} -unexport PID - - unshare -m -u -i # new mount, UTS and IPC namespaces -foreground { importas -i HOST HOST hostname $HOST } - -# We will generate final script we will exec into to enter the container. -# We need to generate it before we start mounting anything, -# so only the mountpoints that exist at this point will get unmounted and -# everything we will mount below will stay. -backtick -i NS_FINAL_SCRIPT { - # Generate execline script that performs pivot_root - # and umounts all the filesystems not used by the container - # formerly: /root/ns_execline.zsh $@ - - if { - printf "%s\n" - "if { pivot_root . \${NS_TMPFS}/oldroot }" - } - if { - ns_umount_script.awk - -vROOT=/${NS_TMPFS}/oldroot - -vBIN=/${NS_TMPFS}/bin - /proc/self/mountinfo - } - if { printf "%s\n" "./${NS_TMPFS}/bin/busybox chpst -/ ." } - # quote all the arguments we got for interpretation by execline - forx -o 0 X { $@ } importas -i X X s6-quote -- $X -} - -# mount and enter the chroot directory -if { mount -o rbind $1 $NS_ROOT } -cd $NS_ROOT - -if { ns_run_mounts . 
} - -# mountpoint for privileged operations and pivot_root -if { s6-mount -nwt tmpfs -o nosuid,nodev,mode=711 mnt_ns $NS_TMPFS } -if { mkdir ${NS_TMPFS}/oldroot ${NS_TMPFS}/bin } -#if { s6-hiercopy $NS_BIN ${NS_TMPFS}/bin } -if { s6-mount -n -o bind,ro $NS_BIN ${NS_TMPFS}/bin } - # container-specific setup provided in environment -if { - if -t { eltest -v NS_EXTRA } - importas -i NS_EXTRA NS_EXTRA - execlineb -c $NS_EXTRA +ifelse { eltest -v NS_EXTRA } +{ + importas -i -u NS_EXTRA NS_EXTRA + ns_run_unshared $1 { execlineb -c $NS_EXTRA } $@ } -unexport NS_EXTRA - -if { - if -t { eltest -v NS_FSTAB } - importas -i NS_FSTAB NS_FSTAB - mount -a -T $NS_FSTAB -} -unexport NS_FSTAB - -# now we can make /dev immutable -if { mount -o remount,ro dev } - -# exec into the script we generated above, it: -# * does pivot_root to change rootdir -# * umounts all undesired filesystems -# * execs into $@ -importas -i -u NS_FINAL_SCRIPT NS_FINAL_SCRIPT -execlineb -c $NS_FINAL_SCRIPT +ns_run_unshared $1 { } $@
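Review bot: The PID-1 guard (getpid, the NS_NO_PID1 test and `exit 111`) is removed, yet the header line `## NS_NO_PID1 - Allow not running as init process of the namespace.` kept as context at the top of the hunk still documents that option, so either ns_run_unshared now performs the check or the header is stale; the same question applies to the dropped HOST/NS_ROOT/NS_TMPFS/NS_BIN defaults, the `hostname $HOST` call and the NS_FSTAB `mount -a -T` step, none of which reappear in the added lines. If ns_run_unshared does not re-check, ns_run no longer refuses to run outside a fresh PID namespace, which silently weakens the isolation the old code enforced. A short comment above `ns_run_unshared $1 { } $@` naming which of those steps are delegated, e.g. `# PID-1 check, hostname, NS_FSTAB mounts and pivot_root are handled by ns_run_unshared` (once confirmed), would make the new contract explicit. Note also that in execline `$@` still includes `$1`, so ns_run_unshared appears to receive the root path twice unless the positionals are shifted before line 22, which is outside the hunk.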