service.capcont.run (1537B)
1 #!/command/execlineb 2 s6-envdir -i env 3 getcwd PWD 4 multisubstitute { 5 importas -i -u PWD PWD 6 importas -i -u image CONTAINER_IMAGE # Absolute path to what will be the root of the container (bind-mounted read-only) 7 importas -i -u host CONTAINER_HOST # Hostname set inside the container 8 importas -i -u home OWNER_HOME # Home directory of the user outside of the container 9 importas -i UID UID # UID of the user to run the container as 10 importas -i GID GID # GID of group containing just the owning user 11 importas -i GIDLIST GIDLIST # GIDs of supplemental groups of the user 12 } 13 if { 14 if -nt { test -e ./mnt } 15 # TODO: umount and remove 16 } 17 if { mount -t tmpfs mnt_tmpfs ./mnt } 18 if { chmod 755 ./mnt } 19 if { rm -rf ./data } 20 umask 077 21 if { mkdir ./data } 22 if { chmod 770 ./data } 23 if { chown root:${GID} ./data } 24 if { mkdir -p ./data/home ./data/run ./data/tmp } 25 if { chmod 1770 ./data/home ./data/run ./data/tmp } 26 if { chown root:${GID} ./data/home ./data/run ./data/tmp } 27 if { env HOME=${home} s6-applyuidgid -z -U cd ${PWD}/data ${home}/adhoc-setup ${PWD}/data } 28 env 29 HOST=carbon 30 CONTAINER_DATA=${PWD} 31 NS_EXTRA="if { 32 importas -i data CONTAINER_DATA 33 if { mount -o rbind ${PWD}/mnt ./mnt } 34 if { mount -o bind ${data}/tmp ./tmp } 35 if { mount -o bind ${data}/run ./run } 36 if { mount -o bind ${data}/home ./home } 37 if { mount -o bind,ro /etc/passwd ./etc/passwd } 38 if { mount -o bind,ro /etc/group ./etc/group } 39 } unexport CONTAINER_DATA" 40 unshare -n 41 ns_run ${CONTAINER_IMAGE} /mnt/ns/bin/s6-applyuidgid -z -U /run/init