#!/command/execlineb -s1

## usage: ns_run <root_directory> <executable> [<arg1> ...]
##
## Creates isolated namespace/container with given root and runs given
## executable in it.
##
## Scope of this file: it only creates the mount, UTS and IPC namespaces
## and decides whether an NS_EXTRA hook script is present. Everything
## else -- handling of the root directory, the pid namespace that
## NS_NO_PID1 refers to, and the remaining NS_* variables listed below --
## is delegated to ns_run_unshared, which is not part of this file.
## NOTE(review): presumably ns_run_unshared reads HOST, NS_ROOT, NS_FSTAB,
## NS_TMPFS, NS_BIN and NS_NO_PID1; confirm against that script.
##
## -s1: at least one positional argument is required. The first argument
## is the root directory; the remaining arguments (executable and its
## args) are what the two ns_run_unshared calls below pass on after it.
##
## Environment variables used:
## HOST - hostname to set
## NS_ROOT - where to bind-mount the root directory
## NS_EXTRA - extra execline script to run after setting up the namespaces
##   and mounting essential filesystems but before entering it
##   and unmounting host filesystem.
##   NOTE(review): the value is executed verbatim (execlineb -c) with the
##   privileges this script still holds, before any privilege drop, so the
##   environment is a trust boundary here: only the supervising
##   configuration may set it, never a caller relaying user-controlled data.
## NS_FSTAB - file with extra mounts to perform after running above script
## NS_TMPFS - place to store binaries in the container that are run
##   before dropping privs, relative path from new root
## NS_BIN - directory to get said binaries from; currently needs:
##   - `if` from execline
##   - busybox with `umount` and `chpst` functions
##   - anything you wish to call before and for dropping privs,
##     eg. s6-applyuidgid
##   All statically linked of course.
## NS_NO_PID1 - Allow not running as init process of the namespace.

# New mount, UTS and IPC namespaces; everything that follows runs inside
# them. No pid, user or network namespace is created at this point.
unshare -m -u -i
# container-specific setup provided in environment
# eltest -v is true whenever NS_EXTRA is set, including set-but-empty;
# an empty value therefore still goes through the hook branch and runs
# an empty script there.
ifelse { eltest -v NS_EXTRA }
{
  # -i: fail if NS_EXTRA is unset (cannot happen after the eltest above).
  # -u: remove NS_EXTRA from the environment once imported, so the hook
  #     script is not inherited by anything started inside the container.
  importas -i -u NS_EXTRA NS_EXTRA
  ns_run_unshared $1 { execlineb -c $NS_EXTRA } $@
}
# Reached only when NS_EXTRA is unset: same helper, with an empty hook block.
ns_run_unshared $1 { } $@