X-Git-Url: https://git.rrq.au/?a=blobdiff_plain;f=overlay-boot;h=899d53ba25f3f9310041462df7d84ce06d9a3307;hb=HEAD;hp=5e6bef92a9b7451627b5d257ce14ade89a66381b;hpb=a3b6bd2a94624852e5fef890fda9fde9548080f3;p=rrq%2Foverlay-boot.git
diff --git a/overlay-boot b/overlay-boot
index 5e6bef9..899d53b 100755
--- a/overlay-boot
+++ b/overlay-boot
@@ -1,87 +1,50 @@ #!/bin/sh # -# This boot method runs a service subhost with a root filesystem that -# is an overlay of the subhost's root and an OS root. The service -# subhost is defined by a configuration file named on teh command line +# This boot scripts runs a service subhost as defined by the +# configuration file named on the command line. +# See "man overlay-boot" for details. -OVERLAYDIR="$(realpath $(dirname $0))" - -[ $(id -u) = 0 ] || exec sudo $0 $@ -. $(dirname $(realpath $0))/functions $* - -CONFIG="$1" -[ -r "$CONFIG" ] || die "Missing configuration $CONFIG" +set -x +PROGRAMDIR="$(dirname $(realpath $0))" +. $PROGRAMDIR/functions -config NAME $(basename $1 .${1##*.}) -config LOG /tmp/oly-$NAME.log +subhost_name $1 if [ -z "$UNSHARED" ] ; then - # Pre-unsharing: - # - # Create the network namespace for the subhost, then trigger - # detached re-run with unshared mount namespace - [ -r /run/netns/$NAME ] || { + if [ ! -r /run/netns/$NAME ] ; then ip netns add $NAME - ip netns exec $NAME ip link set lo up - } + ip netns exec $NAME ip link set lo up || exit 1 + fi exec env UNSHARED=yes unshare -m $0 $@ > $LOG 2>&1 & echo "Logging to $LOG" >&2 exit 0 fi -config BASE -BASE="$(cd $(dirname $CONFIG); realpath $BASE)" - -[ -z "$BASE" ] && die "BASE is unset; bogus $CONFIG ?" -[ -d "$BASE" ] || die "$BASE is not a directory; bogus $CONFIG ?" 
-cd "$BASE" || die "$BASE is inaccessible" - -config LIVE "$BASE/live" -config UPPER "$BASE/root" -config WORK "$BASE/work" -config LOWER "/" -config CABLES "" -config START "networking ssh" -config SUBSHELL /bin/sh - -# Setup virtual cabling and subhost's /etc/network/interfaces +subhost_config setup_veth_cables $NAME $CABLES - -# Set up the mount for this subhost, including a new tmpfs on its /run -echo setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK" setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK" +setup_cgroup2_accounting "$NAME" "$$" exithandler() { ip netns del $NAME - [ "$LOWER" != "$LIVE" ] && umount -R "$LIVE" - [ -f "${UPPER%% *}" ] && [ -x "${UPPER%% *}" ] && \ - env ACTION=teardown $UPPER + [ "$UPPER" != "$LIVE" ] && umount -R "$LIVE" } trap "exithandler" 0 -CMD="unshare -fp --mount-proc ip netns exec $NAME chroot $LIVE /bin/sh" -echo "$CMD" - -config RAM_SIZE 50M - -cat <&2 - set +x - [ -p /run/dummy_service ] || mkfifo /run/dummy_service - ( printf dummy_service > /proc/self/comm ; read X < /run/dummy_service ) & - set -x -} -dummy_service /proc/*/comm -exec /.reaper $NAME -EOF -echo "EXITED $CMD" +# This process has an unshared mount namespace, so we unmount almost +# everything before chroot. Exceptions are: $LIVE and anything mounted +# below that, "/run/netns/$NAME" and its parent paths (incidentally +# including "/" as well) and "/proc". +sort -rk2,2 < /proc/mounts | while read D P A2 ; do + beginswith "$P" "$LIVE" && continue + beginswith "$P" "$(realpath $LIVE)" && continue + beginswith "/run/netns/$NAME" "$P" && continue + [ "$P" = /proc ] && continue + umount "$P" +done + +echo "Starting $NAME" +env CONFIG="$CONFIG" $INIT | \ + unshare -fp --mount-proc -i -u \ + ip netns exec $NAME chroot $LIVE /bin/sh +echo "Exited $NAME"
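Review bot: The unmount loop added before the chroot ignores every `umount` failure as far as this hunk shows, so a busy host mount stays in the mount namespace that the subhost shell inherits, and nothing in the log names it. Since this loop is what limits what the chrooted process can still reach, I would at least record the failure, `umount "$P" || echo "overlay-boot: cannot unmount $P" >&2`, and read the table with `while read -r D P A2 ; do` so the backslash of the octal escapes in /proc/mounts is not silently dropped. `beginswith` is defined outside this diff; if it is a plain string-prefix test, a sibling path such as `${LIVE}2` would also be kept mounted, which an exact match on `$LIVE` plus a prefix match on `"$LIVE/"` would avoid. Separately, `set -x` at the top looks like leftover debugging unless the trace in `$LOG` is intended, and the re-exec `unshare -m $0 $@ > $LOG` is unquoted in a script that presumably runs as root; `unshare -m "$0" "$@" > "$LOG"` is the safer form.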