mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers
Log | Files | Refs

run (2571B)

      1 #!/command/execlineb -P
      2 fdmove -c 2 1
      3 
      4 s6-envdir env
      5 multisubstitute {
      6 	importas -i -u CONTAINER_NAME CONTAINER_NAME
      7 	importas -i -u CONTAINER_USER CONTAINER_USER
      8 }
      9 backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
     10 multisubstitute {
     11 	importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
     12 	define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
     13 	define -s tmpfs_dirs "home run tmp run/inbox run/shm tmp/.X11-unix"
     14 	importas -D ns -s -C -u CONTAINER_MNT_DIRS CONTAINER_MNT_DIRS
     15 }
     16 
     17 getpid NS_PID
     18 foreground {
     19 	importas -i NS_PID NS_PID
     20 	if { test -d /run/cgroup }
     21 	if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
     22 	redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
     23 	printf "%s" ${NS_PID}
     24 }
     25 unexport NS_PID
     26 export HOST ${CONTAINER_NAME}
     27 
     28 if { rm -rf ${CONTAINER_TMPFS} }
     29 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }
     30 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
     31 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
     32 
     33 # Create default resolv.conf
     34 if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
     35 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }
     36 
     37 # Put UID/GID/GIDLIST into environment for use by applyuidgid-caps below
     38 s6-envuidgid ${CONTAINER_USER}
     39 
     40 unshare -m -u -i  # new mount, UTS and IPC namespaces
     41 
     42 if { mount -a -T data/fstab }
     43 
     44 # Run user's setup script (optional)
     45 if {
     46 	ifelse { test -x ${CONTAINER_USER_HOME}/container-setup } {
     47 		env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
     48 		applyuidgid-caps -U ""
     49 		${CONTAINER_USER_HOME}/container-setup ${CONTAINER_TMPFS} ${CONTAINER_NAME}
     50 	}
     51 }
     52 
     53 unshare -n  # make new network namespace
     54 if { ip addr add 127.0.0.1/8 dev lo }
     55 if { ip addr add ::1/128 dev lo }
     56 if { ip link set lo up }
     57 
     58 emptyenv -c
     59 ns_run_unshared data/root {
     60 	# pre pivot-root commands
     61 	if { mount -o bind,ro /etc/passwd ./etc/passwd }
     62 	if { mount -o bind,ro /etc/group ./etc/group }
     63 
     64 	if { mount -o bind,ro /dev/snd dev/snd }
     65 }
     66 
     67 # This runs with changed / so use absolute paths before dropping privs
     68 /mnt/ns/bin/applyuidgid-caps -U ""
     69 /mnt/ns/bin/busybox env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
     70 /mnt/ns/bin/foreground {
     71 	cat /proc/self/mountinfo
     72 }
     73 /mnt/ns/bin/ifelse { test -x ${CONTAINER_USER_HOME}/run/init } {
     74 	${CONTAINER_USER_HOME}/run/init
     75 }
     76 /mnt/ns/bin/foreground {
     77 	/mnt/ns/bin/if -n {
     78 		/mnt/ns/bin/busybox stat /mnt/init/init
     79 	}
     80 	/mnt/ns/bin/busybox ls -lhA /mnt/init /mnt
     81 }
     82 /mnt/init/init