Skip to content

Instantly share code, notes, and snippets.

@fcojperez

fcojperez/README.md

Last active May 7, 2024 11:42
Show Gist options
  • Save fcojperez/420c15ebefc777233eab167a19e0e592 to your computer and use it in GitHub Desktop.
Save fcojperez/420c15ebefc777233eab167a19e0e592 to your computer and use it in GitHub Desktop.
Download ZIP
chroot1.sh is a bash script to create a custom sandbox based on chroot0.sh from book Core Kubernetes. Christopher Love, Jay Vyas. The script creates a process isolated sandbox using unshare. More information on https://www.manning.com/books/core-kubernetes
Raw
README.md

chroot1

chroot1.sh is a bash script to create a custom sandbox based on chroot0.sh from book Core Kubernetes. Christopher Love, Jay Vyas.

The script creates a process isolated sandbox using unshare. More information on https://www.manning.com/books/core-kubernetes

Raw
chroot1.sh
#!/bin/bash
### A bash script to create a custom sandbox based on chroot0.sh from book Core Kubernetes. Christopher Love, Jay Vyas
### Modified to create a process isolated sandbox using unshare
### https://www.manning.com/books/core-kubernetes
is_path_mounted() {
local path_to_check="$1"
# Get the list of mounted filesystems
mounted_path=$(mount |grep "${path_to_check}" |awk '{print $3}')
# Check if the specified path is in the list of mounted paths
if [ "$mounted_path" = "$path_to_check" ]; then
echo "The path $path_to_check is already mounted ($mounted_path)."
return 0 # true
fi
echo "The path $path_to_check is not mounted ($mounted_path)."
return 1 # false
}
if [ -z "$1" ]
then
SANDBOX_PATH="/home/namespace/box"
else
SANDBOX_PATH=$1
fi
echo "SANDBOX_PATH=${SANDBOX_PATH}"
creating_minimal_sandbox(){
### Creating sandbox
local sbox_path=$1
mkdir -p ${sbox_path} ${sbox_path}/bin ${sbox_path}/lib ${sbox_path}/lib64 ${sbox_path}/proc ${sbox_path}/data
### Customizing sandbox
cp -v /usr/bin/kill /usr/bin/ps /usr/bin/grep /bin/bash /bin/ls ${sbox_path}/bin/
### Copying kernel libs
CP_COMMAND="cp -v -r -p --reflink=auto --update"
${CP_COMMAND} /lib/* ${sbox_path}/lib/
${CP_COMMAND} /lib64/* ${sbox_path}/lib64/
}
mounting_volumes(){
local sbox_path=$1
### Mounting proc
if is_path_mounted "${sbox_path}/proc"
then
echo "Already mounted ${sbox_path}/proc"
else
echo "Mounting ${sbox_path}/proc"
mount -t proc proc ${sbox_path}/proc
fi
### Binding local tmp as data folder
if is_path_mounted "${sbox_path}/data"
then
echo "Already mounted ${sbox_path}/data"
else
echo "Mounting ${sbox_path}/data"
mount --bind /tmp/ ${sbox_path}/data
fi
}
running_sandbox(){
local sbox_path=$1
unshare -p -f --mount-proc=${sbox_path}/proc chroot ${sbox_path} /bin/bash
}
main(){
creating_minimal_sandbox "${SANDBOX_PATH}"
mounting_volumes "${SANDBOX_PATH}"
running_sandbox "${SANDBOX_PATH}"
}
main $@
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment