mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers

run (1963B)


      1 #!/command/execlineb -P
        # Run script for one container: builds a per-container scratch tree under
        # /run/containers, enters new mount, UTS, IPC and network namespaces, and
        # finally execs /run/init. Every step chain-loads into the next one, so the
        # order of statements is significant.
        # Make stderr a copy of stdout so both streams end up in the same place.
      2 fdmove -c 2 1
      3 
        # Load settings from the ./env directory and substitute them into the rest of
        # the script. -i aborts when a variable is undefined; -u drops it from the
        # environment after substitution so later programs do not inherit it.
        # NOTE(review): -i accepts empty values and values containing "/" or "..",
        # and these names are spliced into the paths that are removed, created and
        # chown'ed below. The env/ directory should be writable by the administrator
        # only.
      4 s6-envdir env
      5 multisubstitute {
      6 	importas -i -u CONTAINER_NAME CONTAINER_NAME
      7 	importas -i -u CONTAINER_USER CONTAINER_USER
      8 }
        # Ask homeof for the user's home directory; the result is kept in the
        # environment until the next multisubstitute imports and unexports it.
      9 backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
     10 multisubstitute {
     11 	importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
     12 	importas -i -u vtN vtN
        	# Scratch tree for this container, keyed by container name and user.
     13 	define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
        	# -s splits the value, so a word containing ${tmpfs_dirs} expands to one
        	# word per directory listed here.
     14 	define -s tmpfs_dirs "home run tmp run/inbox run/shm tmp/.X11-unix"
        	# Optional list of mount-point names, also split; defaults to "ns".
     15 	importas -D ns -s -C -u CONTAINER_MNT_DIRS CONTAINER_MNT_DIRS
     16 }
        # HOST is exported here and never unexported in this script, so it stays in
        # the environment of everything that follows.
     17 export HOST X${vtN}
     18 
        # Record this process's PID, then try to write it to the container's
        # cgroup.procs file. The block runs under foreground, so a missing
        # /run/cgroup or a failed mkdir/write does not stop the script.
     19 getpid NS_PID
     20 foreground {
     21 	importas -i NS_PID NS_PID
     22 	if { test -d /run/cgroup }
     23 	if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
     24 	redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
     25 	printf "%s" ${NS_PID}
     26 }
     27 unexport NS_PID
     28 
        # Recreate the scratch tree from nothing on every start. Each step is wrapped
        # in "if", so any failure aborts the script. Only the tmpfs_dirs entries get
        # mode 1770 and group CONTAINER_USER; the top-level directory and mnt/* keep
        # the ownership and mode that mkdir gave them.
     29 if { rm -rf ${CONTAINER_TMPFS} }
     30 if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }
     31 if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
     32 if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
     33 
     34 # Put UID/GID/GIDLIST into environment for use by applyuidgid-caps below
     35 s6-envuidgid ${CONTAINER_USER}
     36 
     37 unshare -m -u -i  # new mount, UTS and IPC namespaces
        # Mount everything listed in data/fstab (path relative to the working
        # directory) inside the new mount namespace; abort if any mount fails.
     38 if { mount -a -T data/fstab }
     39 
     40 # Run user's script to populate /home /run and/or /tmp
        # NOTE(review): xsession-setup lives in the user's home directory, so its
        # content is user-controlled. It runs before the network namespace is
        # unshared below, and env only sets HOME and USER, so the rest of the current
        # environment is inherited. applyuidgid-caps is a project tool not shown
        # here; -U "" presumably switches to the UID/GID set above with an empty
        # capability set (confirm).
     41 if {
     42 	env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
     43 	applyuidgid-caps -U ""
     44 	${CONTAINER_USER_HOME}/xsession-setup ${CONTAINER_TMPFS} ${vtN}
     45 }
     46 
     47 unshare -n  # make new network namespace
        # Assign the loopback addresses and bring lo up; no other interface is
        # configured by this script.
     48 if { ip addr add 127.0.0.1/8 dev lo }
     49 if { ip addr add ::1/128 dev lo }
     50 if { ip link set lo up }
     51 
        # emptyenv -c removes execline's own bookkeeping variables; it does not empty
        # the environment, so HOST and any variable that was not unexported above
        # remain visible to /run/init.
        # NOTE(review): that includes anything else stored in env/ or inherited from
        # the supervisor; confirm nothing sensitive is kept there.
     52 emptyenv -c
        # ns_run_unshared is a project tool not shown here. Going by the comments in
        # this file, the block runs before the root is changed and the rest of the
        # chain runs with the new /. The relative ./etc targets presumably resolve
        # inside data/root (confirm). passwd and group are bind-mounted read-only.
     53 ns_run_unshared data/root {
     54 	# pre pivot-root commands
     55 	if { mount -o bind,ro /etc/passwd ./etc/passwd }
     56 	if { mount -o bind,ro /etc/group ./etc/group }
     57 }
     58 # This runs with changed / so use absolute paths before dropping privs
     59 /mnt/ns/bin/applyuidgid-caps -U ""
        # Set HOME and USER for the session and exec the container's init.
     60 env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
     61 /run/init
     53 ns_run_unshared data/root {
     54 	# pre pivot-root commands
     55 	if { mount -o bind,ro /etc/passwd ./etc/passwd }
     56 	if { mount -o bind,ro /etc/group ./etc/group }
     57 }
     58 # This runs with changed / so use absolute paths before dropping privs
     59 /mnt/ns/bin/applyuidgid-caps -U ""
     60 env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
     61 /run/init