container_sysroot_run (1742B)
1 #!/command/execlineb -s0 2 s6-envdir env 3 multisubstitute { 4 importas -i -u CONTAINER_NAME CONTAINER_NAME 5 importas -i -u CONTAINER_USER CONTAINER_USER 6 } 7 backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER } 8 multisubstitute { 9 importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME 10 define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.sysroot 11 define -s tmpfs_dirs "home run tmp run/inbox run/shm tmp/.X11-unix" 12 } 13 14 getpid NS_PID 15 foreground { 16 importas -i NS_PID NS_PID 17 if { test -d /run/cgroup } 18 if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} } 19 redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs 20 printf "%s" ${NS_PID} 21 } 22 23 if { mkdir -p /run/containers } 24 if { touch ${CONTAINER_TMPFS}.lockfile } 25 s6-setlock -n ${CONTAINER_TMPFS}.lockfile 26 27 # Needs to exists otherwise the find below fails. 28 if { mkdir -p ${CONTAINER_TMPFS} } 29 # This is non-POSIX but even busybox has these flags. 30 if { find ${CONTAINER_TMPFS} -depth -mindepth 2 -delete } 31 #if { rm -rf ${CONTAINER_TMPFS} } 32 33 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} } 34 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} } 35 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} } 36 37 # Create default resolv.conf 38 if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" } 39 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf } 40 41 unshare -m -u -i # new mount, UTS and IPC namespaces 42 if { mount -a -T data/fstab } 43 44 # Put UID/GID/GIDLIST into environment for use by applyuidgid-caps below 45 s6-envuidgid ${CONTAINER_USER} 46 47 env 48 HOST=${CONTAINER_NAME} 49 50 emptyenv -c 51 export NS_NO_PID1 1 52 pidns_run 53 ns_run_unshared data/root { } 54 /mnt/ns/bin/applyuidgid-caps -U "" 55 $@