mrrl-containers

run (3252B)

---

 #!/command/execlineb -P
 fdmove -c 2 1
 
 s6-envdir env
 multisubstitute {
 	importas -i -u CONTAINER_NAME CONTAINER_NAME
 	importas -i -u CONTAINER_USER CONTAINER_USER
 	importas -i -u vtN vtN
 	define XDG_RUNTIME_DIR /run/X
 }
 export XDG_RUNTIME_DIR $XDG_RUNTIME_DIR
 backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
 multisubstitute {
 	importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
 	define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
 	define -s tmpfs_dirs "run tmp run/inbox run/shm tmp/.X11-unix"
 	importas -D ns -s -C -u CONTAINER_MNT_DIRS CONTAINER_MNT_DIRS
 }
 
 getpid NS_PID
 foreground {
 	importas -i NS_PID NS_PID
 	if { test -d /run/cgroup }
 	if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
 	redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
 	printf "%s" ${NS_PID}
 }
 
 if { rm -rf ${CONTAINER_TMPFS} }
 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }
 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
 
 # Xauthority
 if { mkdir -p ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR} }
 if { truncate -s 0 ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
 if { chmod 600 ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
 if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR} }
 
 # # Create default resolv.conf
 # if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
 # if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }
 
 # Put UID/GID/GIDLIST into environment for use by applyuidgid-caps below
 s6-envuidgid ${CONTAINER_USER}
 
 export HOST ${CONTAINER_NAME}
 
 emptyenv -c
 unshare -n -m -u -i  # new net, mount, UTS and IPC namespaces
 if { ip addr add 127.0.0.1/8 dev lo }
 if { ip addr add ::1/128 dev lo }
 if { ip link set lo up }
 ns_run_unshared data/root {
 	# pre pivot-root commands
 	if { mount -o bind,ro /etc/passwd ./etc/passwd }
 	if { mount -o bind,ro /etc/group ./etc/group }
 
 	if { mount -o bind /dev/dri ./dev/dri }
 	if { mount -o bind /dev/input ./dev/input }
 
 	# fixup permissions
 	if { chgrp -R video ./dev/dri }
 	if { chmod g+rw ./dev/dri/card0 }
 
 	if { chgrp -R input ./dev/input }
 	if { chmod -R g+rw ./dev/input/mice }
 
 	if { cp -a /dev/tty0 ./dev/tty0 }
 	if { chmod 660 ./dev/tty0 }
 	if { chown root:xorg ./dev/tty0 }
 
 	if { cp -a /dev/tty${vtN} ./dev/tty${vtN} }
 	if { chmod 660 ./dev/tty${vtN} }
 	if { chown root:xorg ./dev/tty${vtN} }
 }
 # This runs with changed / so use absolute paths before dropping privs
 /mnt/ns/bin/redirfd -r 0 /dev/tty${vtN}
 /mnt/ns/bin/redirfd -w 1 /dev/tty${vtN}
 /mnt/ns/bin/applyuidgid-caps -U "^CAP_SYS_TTY_CONFIG"
 env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
 
 if {
 	pipeline {
 		if { printf "add :%d . " ${vtN} }
 		if { redirfd -r 0 /dev/urandom busybox xxd -p -l 16 }
 	}
 	xauth -f ${XDG_RUNTIME_DIR}/Xauthority source -
 }
 
 Xorg
   -displayfd 3
   -nolisten local
   -nolisten tcp
   -quiet
   -logfile ${XDG_RUNTIME_DIR}/log
   -auth ${XDG_RUNTIME_DIR}/Xauthority
   -tst
   -retro
   -novtswitch
   vt${vtN} :${vtN}