#!/bin/bash
# Directory that holds the build scripts. A BUILD_DIR inherited from the
# environment takes precedence over the built-in default, and the resulting
# value is exported to child processes.
: "${BUILD_DIR:=/usr/lib/build}"
export BUILD_DIR

# Both are filled in by the option parser below.
BUILD_ROOT=""
IS_UNSHARED=""
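#######################################
# Terminate the script, optionally printing a final message.
# Arguments:
#   $1 - exit status; an empty or missing value is treated as 0
#   $2 - optional message; written to stderr when the status is non-zero,
#        to stdout otherwise
#######################################
cleanup_and_exit() {
  local status=${1:-0}
  local message=${2:-}

  # Defaulting the status with `set 0` would replace all positional
  # parameters and silently drop the message, so both values are captured
  # in locals before either is used.
  if test -n "$message"; then
    if test "$status" -ne 0; then
      echo "$message" >&2
    else
      echo "$message"
    fi
  fi
  exit "$status"
}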
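# Parse the leading options. The first argument that is not a known option
# ends parsing; it and everything after it stay in "$@" for podman.
while test -n "$1"; do
  case "$1" in
    --root)
      # A trailing "--root" with no value makes `shift 2` fail without
      # shifting anything, which would spin this loop forever.
      test "$#" -ge 2 || cleanup_and_exit 1 "--root requires an argument"
      BUILD_ROOT="$2"
      shift 2
      ;;
    --isunshared)
      IS_UNSHARED=true
      shift
      ;;
    *)
      break
      ;;
  esac
done

# Every later path is built as "$BUILD_ROOT/...". With an empty root those
# expand to /sys and /proc themselves and the final chroot cannot succeed,
# so stop here before any mount is attempted.
test -n "$BUILD_ROOT" || cleanup_and_exit 1 "no build root given (use --root)"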
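# First invocation: re-execute this script inside new mount and network
# namespaces, marking the second run with --isunshared.
if test -z "$IS_UNSHARED"; then
  echo "Unsharing environment" >&2
  # unshare mounts and network
  # The script path is quoted so that a BUILD_DIR containing whitespace or
  # glob characters cannot be split into extra arguments for unshare.
  # NOTE(review): BUILD_DIR is inherited from the environment and selects the
  # script that gets executed here; if this wrapper runs with elevated
  # privileges, the value has to come from a trusted caller -- confirm.
  exec unshare -m -n "$BUILD_DIR/call-podman" --isunshared --root "$BUILD_ROOT" "$@"
  # Only reached if exec itself returns.
  cleanup_and_exit 1 "exec unshare returned"
fi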
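# Second invocation (--isunshared): prepare the freshly unshared namespaces.
if test -n "$IS_UNSHARED"; then
  # make mounts private
  # Recursive private propagation keeps the mounts made below from being
  # propagated to other mount namespaces.
  # NOTE(review): the result is not checked; decide whether a failure here
  # should abort instead of continuing with shared propagation.
  mount --make-rprivate /
  # create loopback interface
  # The new network namespace starts with loopback down. Each tool is run
  # through the same absolute path that was just tested, so the check and
  # the call cannot refer to different binaries via PATH.
  if test -x /sbin/ip; then
    /sbin/ip addr add 127.0.0.1/8 dev lo
    /sbin/ip addr add ::1/128 dev lo
    /sbin/ip link set lo up
  elif test -x /sbin/ifconfig; then
    /sbin/ifconfig lo 127.0.0.1 up
    /sbin/ifconfig lo add ::1/128
  fi
fi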
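# setup cgroups
# Skipped when the build root is the running root file system.
if test "$BUILD_ROOT" != '/'; then
  test -d /sys/fs/cgroup || cleanup_and_exit 1 "/sys/fs/cgroup does not exist"
  # make build root a mount point
  mount --rbind --make-private "$BUILD_ROOT" "$BUILD_ROOT"
  mount --make-rprivate "$BUILD_ROOT"
  # mount /sys
  # Paths are quoted like the other BUILD_ROOT uses in this block, so a root
  # containing whitespace or glob characters stays a single argument.
  if ! test -e "$BUILD_ROOT/sys/block"; then
    mkdir -p "$BUILD_ROOT/sys"
    mount -n -tsysfs sys "$BUILD_ROOT/sys"
  fi
  # bind mount cgroups
  # rslave: cgroup mount changes propagate into the build root, but not
  # back out of it.
  mount --rbind /sys/fs/cgroup "$BUILD_ROOT/sys/fs/cgroup"
  mount --make-rslave "$BUILD_ROOT/sys/fs/cgroup"
  # NOTE(review): presumably read by the container tooling started below;
  # its effect is not visible in this script -- confirm.
  export DOCKER_RAMDISK=true
fi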
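# setup mounts
# Mount procfs inside the build root unless one is already visible there.
test -e "$BUILD_ROOT/proc/self" || mount -n -tproc none "$BUILD_ROOT/proc"

# If the host kernel defaults to cgroupsv2, podman tries to run `crun` instead, even if not available.
# As a workaround, force use of runc.
# The option is kept in an array so it expands to separate words without
# relying on unquoted word splitting.
RUNTIME_OPT=()
[ -x "$BUILD_ROOT/usr/bin/crun" ] || RUNTIME_OPT=(--runtime runc)

# run the command
# The remaining arguments are passed to podman unchanged; exec replaces this
# shell, so nothing after this line runs.
exec chroot "$BUILD_ROOT" podman "${RUNTIME_OPT[@]}" --cgroup-manager=cgroupfs "$@"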