mrrl

container-bin-image (1925B)

---

 {% extends "base" %}
 {% block body -%}
 #+{{pkg_install_name("busybox")}}
 #+{{pkg_install_name("busybox-diffutils")}}
 #+{{pkg_install_name("busybox-login")}}
 #+{{pkg_install_name("execline")}}
 #+{{pkg_install_name("s6")}}
 #+{{pkg_install_name("ccx-utils")}}
 #+{{pkg_install_name("applyuidgid-caps")}}
 #+{{pkg_install_name("easyseccomp")}}
 #+{{pkg_install_name("mlog")}}
 #+{{pkg_install_name("abduco")}}
 #+{{pkg_install_name("nawk")}}
 #@sha256:{{files["default-policy.easyseccomp"]}}:default-policy.easyseccomp
 
 img="$pthbs_destdir{{versions}}/$pthbs_package/container-bin-image"
 mkdir -p "$img"
 easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
 easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
 cd "$img"
 
 # first commands without argv0 aliases
 for cmd in "${PATH%%:*}"/*; do
 	rp=$(realpath "$cmd")
 	base=$(basename "$rp")
 	if test $base = "${cmd##*/}"; then
 		if test -e "./$base"; then
 			printf "fatal: duplicate command file: '%s'\n" "$base"
 			exit 1
 		fi
 		cp -p "$rp" ./
 	fi
 done
 
 # now alias using symlinks
 for cmd in "${PATH%%:*}"/*; do
 	rp=$(realpath "$cmd")
 	base=$(basename "$rp")
 	if ! test $base = "${cmd##*/}"; then
 		if ! test -f "./$base"; then
 			cp -p "$rp" ./
 		fi
 		ln -s "./$base" "./${cmd##*/}"
 	fi
 done
 
 for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
 	if ! test -x "./$cmd"; then
 		printf "fatal: expected command not found: '%s'\n" "$cmd"
 		exit 1
 	fi
 done
 ./true
 ./seccomp-run ./seccomp-default.bpf ./true
 
 
 touch "$pthbs_destdir{{versions}}/$pthbs_package/.install-links"
 {% endblock %}