#!/bin/sh
#
-# This boot method runs a service subhost with a root filesystem that
-# is an overlay of the subhost's root and an OS root. The service
-# subhost is defined by a configuration file named on teh command line
+# This boot scripts runs a service subhost as defined by the
+# configuration file named on the command line.
+# See "man overlay-boot" for details.
-OVERLAYDIR="$(realpath $(dirname $0))"
-
-[ $(id -u) = 0 ] || exec sudo $0 $@
-. $(dirname $(realpath $0))/functions $*
-
-CONFIG="$1"
-[ -r "$CONFIG" ] || die "Missing configuration $CONFIG"
+set -x
+PROGRAMDIR="$(dirname $(realpath $0))"
+. $PROGRAMDIR/functions
-config NAME $(basename $1 .${1##*.})
-config LOG /tmp/oly-$NAME.log
+subhost_name $1
if [ -z "$UNSHARED" ] ; then
- # Pre-unsharing:
- #
- # Create the network namespace for the subhost, then trigger
- # detached re-run with unshared mount namespace
- [ -r /run/netns/$NAME ] || {
+ if [ ! -r /run/netns/$NAME ] ; then
ip netns add $NAME
- ip netns exec $NAME ip link set lo up
- }
+ ip netns exec $NAME ip link set lo up || exit 1
+ fi
exec env UNSHARED=yes unshare -m $0 $@ > $LOG 2>&1 &
echo "Logging to $LOG" >&2
exit 0
fi
-config BASE
-BASE="$(cd $(dirname $CONFIG); realpath $BASE)"
-
-[ -z "$BASE" ] && die "BASE is unset; bogus $CONFIG ?"
-[ -d "$BASE" ] || die "$BASE is not a directory; bogus $CONFIG ?"
-cd "$BASE" || die "$BASE is inaccessible"
-
-config LIVE "$BASE/live"
-config UPPER "$BASE/root"
-config WORK "$BASE/work"
-config LOWER "/"
-config CABLES ""
-config START "networking ssh"
-config SUBSHELL /bin/sh
-
-# Setup virtual cabling and subhost's /etc/network/interfaces
+subhost_config
setup_veth_cables $NAME $CABLES
-
-# Set up the mount for this subhost, including a new tmpfs on its /run
-echo setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK"
setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK"
+setup_cgroup2_accounting "$NAME" "$$"
exithandler() {
ip netns del $NAME
- [ "$LOWER" != "$LIVE" ] && umount -R "$LIVE"
- [ -f "${UPPER%% *}" ] && [ -x "${UPPER%% *}" ] && \
- env ACTION=teardown $UPPER
+ [ "$UPPER" != "$LIVE" ] && umount -R "$LIVE"
}
trap "exithandler" 0
-CMD="unshare -fp --mount-proc ip netns exec $NAME chroot $LIVE /bin/sh"
-echo "$CMD"
-
-config RAM_SIZE 50M
-
-cat <<EOF | $CMD
-set -x
-mount -t proc proc /proc
-mount -t devpts devpts /dev/pts
-mount -t sysfs sysfs /sys
-if [ "$RAM_SIZE" != "none" ] && ! grep -q '/run tmpfs' /proc/mounts ; then
- mount -t tmpfs -osize=$RAM_SIZE,mode=755 tmpfs /run
-fi
-for srv in $START ; do service \$srv start ; done
-dummy_service() {
- [ \$# -gt 3 ] && return 0
- echo "Starting dummy service" >&2
- set +x
- [ -p /run/dummy_service ] || mkfifo /run/dummy_service
- ( printf dummy_service > /proc/self/comm ; read X < /run/dummy_service ) &
- set -x
-}
-dummy_service /proc/*/comm
-exec /.reaper $NAME
-EOF
-echo "EXITED $CMD"
+# This process has an unshared mount namespace, so we unmount almost
+# everything before chroot. Exceptions are: $LIVE and anything mounted
+# below that, "/run/netns/$NAME" and its parent paths (incidentally
+# including "/" as well) and "/proc".
+sort -rk2,2 < /proc/mounts | while read D P A2 ; do
+ beginswith "$P" "$LIVE" && continue
+ beginswith "/run/netns/$NAME" "$P" && continue
+ [ "$P" = /proc ] && continue
+ umount "$P"
+done
+
+echo "Starting $NAME"
+env CONFIG="$CONFIG" $INIT | \
+ unshare -fp --mount-proc -i -u \
+ ip netns exec $NAME chroot $LIVE /bin/sh
+echo "Exited $NAME"
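Review bot: The unmount loop added near the end (`sort -rk2,2 < /proc/mounts | while read D P A2`) runs whenever `UNSHARED` is non-empty, and that variable is the only evidence that the process really has a private mount namespace. If `UNSHARED` is inherited or set by hand, the script skips the `unshare -m` re-exec and unmounts nearly everything in the caller's namespace, with whatever privileges `ip netns add` required. A guard before the loop that inspects the namespace itself would fail closed, for example `[ "$(readlink /proc/$$/ns/mnt)" != "$(readlink /proc/1/ns/mnt)" ] || exit 1`. The loop also ignores `umount` failures, so a busy host mount silently stays visible in the subhost's namespace, where chroot alone does not confine a root process; `umount "$P" || echo "could not unmount $P" >&2` would at least record that in the log. Separately, the new `set -x` near the top traces every expanded command into `$LOG`; please confirm this is intended outside debugging, since where `$LOG` points and what the configuration holds are not visible in this diff.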