Created
March 6, 2016 00:31
-
-
Save Ruinland/0d633a05c4f50783d2af to your computer and use it in GitHub Desktop.
Lightweight rootfs for chroot using OverlayFS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Since we want to create a exact sandbox of host, | |
| # choose root to be the lower directory. | |
| container_dir=$(mktemp -d --tmpdir=$HOME) | |
| printf '%s ...\n' "Creating container directory: $container_dir" | |
| original_username=$(whoami) | |
| mkdir -p $container_dir/{work,upper,overlay_root} | |
| upper_dir=$container_dir"/upper" | |
| work_dir=$container_dir"/work" | |
| merged=$container_dir"/overlay_root" | |
| lower_dir="/" | |
| printf '%s ...\n' "Making required directories for OverlayFS mounting" | |
| sudo mount -t overlay overlay -o lowerdir=$lower_dir,upperdir=$upper_dir,workdir=$work_dir $merged | |
| sudo mount proc "$merged/proc" -t proc -o nosuid,noexec,nodev && | |
| sudo mount sys "$merged/sys" -t sysfs -o nosuid,noexec,nodev,ro && | |
| sudo mount udev "$merged/dev" -t devtmpfs -o mode=0755,nosuid && | |
| sudo mount devpts "$merged/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec && | |
| sudo mount run "$merged/run" -t tmpfs -o nosuid,nodev,mode=0755 && | |
| sudo mount tmp "$merged/tmp" -t tmpfs -o mode=1777,strictatime,nodev,nosuid | |
| sudo chroot $merged su $original_username |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment