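#!/command/execlineb -P
# s6 service run script for one container. Runs as root on the host:
#  1. reads CONTAINER_NAME / CONTAINER_USER from ./env
#  2. (best-effort) registers this PID in a per-user/per-container cgroup
#  3. under a lock, wipes and rebuilds the scratch tree
#     /run/containers/<name>.sysroot, then hands it to the container user
#  4. enters new mount/UTS/IPC namespaces and mounts data/fstab
#  5. lets the container user populate the tree (confz hook)
#  6. enters data/root (ns_run_unshared), drops privileges, execs /run/init
# Every command execs into the next; a failing `if { }` aborts the start.

# Send stderr down the same pipe as stdout (the s6 logger)
fdmove -c 2 1

# CONTAINER_NAME and CONTAINER_USER are mandatory (-i) and are unexported
# after import (-u). Any other variable in ./env stays in the environment.
# NOTE(review): both values are spliced into host paths below, and
# CONTAINER_TMPFS is later rm -rf'd as root; this assumes ./env is written
# by the administrator only and neither value contains '/' or '..' — confirm.
s6-envdir env
multisubstitute {
  importas -i -u CONTAINER_NAME CONTAINER_NAME
  importas -i -u CONTAINER_USER CONTAINER_USER
}
# homeof is a project helper; presumably prints the user's home directory.
# -i aborts the start if it fails, -n strips the trailing newline.
backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
# CONTAINER_TMPFS: the per-container scratch tree, recreated on every start.
# tmpfs_dirs is defined with -s, so ${tmpfs_dirs} expands to six separate
# words and ${CONTAINER_TMPFS}/${tmpfs_dirs} to six full paths.
multisubstitute {
  importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
  define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.sysroot
  define -s tmpfs_dirs "home run tmp run/inbox run/shm tmp/.X11-unix"
}

# Register this PID in /run/cgroup/containers/<user>/<name>. unshare below
# is used without --fork, so this PID is the one that ends up as /run/init
# (assuming ns_run_unshared, not visible here, does not fork — TODO confirm).
# foreground ignores the block's exit status: a missing /run/cgroup, a
# failed mkdir or a failed write to cgroup.procs is non-fatal and leaves
# the container running without cgroup confinement. Best-effort by design;
# do not rely on it for resource limits.
getpid NS_PID
foreground {
  importas -i NS_PID NS_PID
  if { test -d /run/cgroup }
  if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
  redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
  printf "%s" ${NS_PID}
}

# One instance per container: the lockfile sits beside (not inside) the
# tree that is about to be wiped. -n fails immediately instead of waiting
# for a still-running instance. s6-setlock keeps the lock fd open across
# the exec chain, so the lock is held for the container's whole lifetime
# (and is inherited by /run/init unless ns_run_unshared closes it — TODO
# confirm).
if { touch ${CONTAINER_TMPFS}.lockfile }
s6-setlock -n ${CONTAINER_TMPFS}.lockfile
# Wipe whatever the previous instance left (as root, over a tree the
# container user could write to — this relies on rm -rf not following
# symlinks while descending) and recreate the six directories.
if { rm -rf ${CONTAINER_TMPFS} }
if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} }

# Create default resolv.conf, pointing at a loopback resolver, owned by the
# container user so the container may replace it.
# This is done BEFORE the chmod/chown that give the container user write
# access to run/: redirfd -w (O_CREAT|O_TRUNC) follows symlinks and chown
# without -h does too, so creating the file after run/ became user-writable
# would let a symlink planted there redirect root's write and chown to an
# arbitrary host file. That only matters if the container user has
# processes on the host at that instant, but the ordering costs nothing.
if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }

# Hand the six directories to the container user: mode 1770 (group-
# writable, sticky), group = container user, owner root. The top-level
# ${CONTAINER_TMPFS} directory itself is neither chmod'd nor chown'd here.
if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }

# From here on mounts are private to this process (util-linux unshare
# defaults the new mount namespace to private propagation — confirm for
# the installed version). No --fork, so the PID is unchanged.
unshare -m -u -i # new mount, UTS and IPC namespaces
# Mount every entry of the service-local fstab (cwd is the service
# directory); a failed mount aborts the start.
if { mount -a -T data/fstab }

# Put UID/GID/GIDLIST into environment for use by applyuidgid-caps below
s6-envuidgid ${CONTAINER_USER}

# Run user's script to populate /home /run and/or /tmp
# Runs in a child (if { }) as the container user: applyuidgid-caps -U
# presumably consumes the UID/GID/GIDLIST exported above; the meaning of
# the empty "" argument is not visible here. CONTAINER_ROOT is the
# canonical absolute path of data/root (s6-linkname), substituted directly
# via backtick -E. confz container_sysroot_rundir is a project hook; its
# failure aborts the start.
if {
  env HOME=${CONTAINER_USER_HOME}
  applyuidgid-caps -U ""
  backtick -E CONTAINER_ROOT { s6-linkname data/root }
  confz container_sysroot_rundir
    container_root=${CONTAINER_ROOT}
    container_name=${CONTAINER_NAME}
    tmp_dir=${CONTAINER_TMPFS}
}

# NS_EXTRA is presumably consumed by ns_run_unshared: extra execline to run
# inside the new root, here binding the host account databases read-only so
# UIDs resolve to the same names inside the container.
# NOTE(review): a single `mount -o bind,ro` only ends up read-only where
# util-linux performs the implicit remount; on older versions the bind
# stays read-write. Verify from inside the container, or follow each bind
# with an explicit `mount -o remount,bind,ro`.
env
  NS_EXTRA="if { mount -o bind,ro /etc/passwd etc/passwd } if { mount -o bind,ro /etc/group etc/group }"

# Trim the environment before entering the new root. NOTE(review): -c must
# leave NS_EXTRA and UID/GID/GIDLIST in place for the commands below to
# work; check the execline emptyenv docs for exactly what -c removes.
emptyenv -c
# Project helper: enters data/root with the mounts above; the empty block
# is passed through as-is (semantics not visible here).
ns_run_unshared data/root { }
# Inside the new root, the main chain is still root (the earlier drop ran
# only in the `if` child): drop to the container user with the copy of
# applyuidgid-caps reachable from the container's filesystem, then exec
# the container's init. HOME=/root for a non-root process looks
# intentional — confirm.
/mnt/ns/bin/applyuidgid-caps -U ""
env HOME=/root
/run/init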