mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

container-bin-image (2386B)


      1 #!/usr/bin/env pthbs-build
      2 #+busybox.d2d7aa00eac6ec561a10d126b1866f22e226a1276307466251e80fd8a4a1ebc7
      3 #+busybox-diffutils.24775f761d337796ffe81623350e4bf2f039067f593411146bfeb9c80567d182
      4 #+busybox-login.3ef0493da36045ce4f324aea34018d3b983d6c3d037725f9b2c9dd7966b394cc
      5 #+execline.6b4951a98fd1ceab65adb101d074d9e5e3e910334cc738bc8030e3695a781e95
      6 #+s6.b2888ce412a12e54f60be31ae842d7405491fff647b8ee55c00b521bfa1dd4cc
      7 #+ccx-utils.cd6a9f252f1c720939d359ef0f69d6fb2574f49ef99ab7aaf30e69298e66733b
      8 #+applyuidgid-caps.616ac2e9c93705062c4cac8e006b3a711b526be549caba09bdc141e60a942961
      9 #+easyseccomp.79893018227e85c54e29cedce0b03214cda27b24399018111d8cb42f498fde56
     10 #+mlog.ad83d1e085e275eeaecdb817e532119817b7dcb35ecf475b413ecb3a14f0acdd
     11 #+abduco.50a16542b96d508736ea8e53fac37debcd3fe2519925ee1e036751a712af220a
     12 #+nawk.20e61757d30ba2271f207e142d393eb446a3ce4af79060fea9822a996e9eee29
     13 #@sha256:b9236c0fd504ffbc56f65d0522d2acadcd2683380eaa6f1873e8201eaa7388a5:default-policy.easyseccomp
     14 
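     # Stage the image inside the package's versioned install tree.
     img="$pthbs_destdir/home/ccx/versions/$pthbs_package/container-bin-image"
     mkdir -p "$img" || exit 1

     # Compile one seccomp BPF filter per profile from the same policy source,
     # default-policy.easyseccomp (the file named on the '#@sha256:' header line).
     # NOTE(review): each -d presumably sets a define that the policy tests in
     # order to relax a rule; judging by the names they open up ptrace, seccomp,
     # landlock and setuid/setgid. Confirm against the policy file.
     # A missing or half-written filter must not end up in the image, so every
     # compile step aborts the build on failure.

     # Baseline profile: no defines.
     easyseccomp -i default-policy.easyseccomp \
       -o "$img/seccomp-default.bpf" || exit 1
     # Baseline plus ALLOW_PTRACE.
     easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE \
       -o "$img/seccomp-ptrace.bpf" || exit 1
     # Build profile: carries the most defines of the five variants.
     easyseccomp -i default-policy.easyseccomp \
       -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK \
       -o "$img/seccomp-build.bpf" || exit 1
     # xpra profile: ALLOW_PTRACE and ALLOW_SETUID_SETGID.
     easyseccomp -i default-policy.easyseccomp \
       -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID \
       -o "$img/seccomp-xpra.bpf" || exit 1
     # Baseline plus ALLOW_SETUID_SETGID only.
     easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID \
       -o "$img/seccomp-setuidgid.bpf" || exit 1

     # Everything below uses paths relative to the image directory; if the cd
     # failed, the copies and symlinks would land in whatever directory the
     # build started in, so stop here instead.
     cd "$img" || exit 1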
     23 
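     # Pass 1: copy every command whose name equals the name of the file it
     # resolves to, i.e. entries that are not argv0 aliases.
     # The image receives whatever the first PATH entry contains.
     # NOTE(review): that directory is presumably assembled by pthbs from the
     # '#+' dependencies in the header; verify.
     for cmd in "${PATH%%:*}"/*; do
       rp=$(realpath "$cmd")
       base=$(basename "$rp")
       # Quoted: an empty or whitespace-containing name must not change how
       # test parses its arguments.
       if test "$base" = "${cmd##*/}"; then
         # Two sources with the same name would silently overwrite each other;
         # treat that as a build error.
         if test -e "./$base"; then
           printf "fatal: duplicate command file: '%s'\n" "$base" >&2
           exit 1
         fi
         # -p keeps mode and timestamps of the resolved file.
         cp -p "$rp" ./ || exit 1
       fi
     done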
     36 
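     # Pass 2: entries whose name differs from the file they resolve to are
     # argv0 aliases. Make sure the target is in the image, then recreate the
     # alias as a relative symlink.
     for cmd in "${PATH%%:*}"/*; do
       rp=$(realpath "$cmd")
       base=$(basename "$rp")
       if ! test "$base" = "${cmd##*/}"; then
         # NOTE(review): an existing ./$base is reused without checking that it
         # is the same file as $rp. If two different targets share a basename,
         # the alias ends up pointing at the wrong binary. Consider comparing
         # the two files and failing on a mismatch.
         if ! test -f "./$base"; then
           cp -p "$rp" ./ || exit 1
         fi
         # Fails if the alias name is already taken; abort rather than ship an
         # image with a missing or mismatched alias.
         ln -s "./$base" "./${cmd##*/}" || exit 1
       fi
     done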
     48 
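     # Sanity check: these commands must be present and executable in the image.
     # NOTE(review): the consumers that rely on this list are not visible in
     # this file.
     for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
       if ! test -x "./$cmd"; then
         # Diagnostics go to stderr so they are not mixed into stdout.
         printf "fatal: expected command not found: '%s'\n" "$cmd" >&2
         exit 1
       fi
     done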
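     # Smoke test 1: a copied binary runs straight from the image directory.
     if ! ./true; then
       printf "fatal: smoke test failed: '%s'\n" "./true" >&2
       exit 1
     fi
     # Smoke test 2: the default filter loads and still lets ./true run.
     # This only shows that the filter is not too strict for a trivial program;
     # it does not show that anything is blocked. The other four .bpf files are
     # not exercised here.
     if ! ./seccomp-run ./seccomp-default.bpf ./true; then
       printf "fatal: smoke test failed: '%s'\n" "./seccomp-run ./seccomp-default.bpf ./true" >&2
       exit 1
     fi


     # Marker file, created only after both smoke tests passed. The checks are
     # explicit in case the pthbs-build interpreter does not stop on a failing
     # command. NOTE(review): the consumer of .install-links is not visible here.
     touch "$pthbs_destdir/home/ccx/versions/$pthbs_package/.install-links"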