miragesdk: update to latest base init

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>

projects/miragesdk/examples/mirage-dhcp.yml

@@ -2,7 +2,7 @@ kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 page_poison=1"
 init:
-  - mobylinux/init:286e9864b12beaff71b06809b6f0d832b6408eb5 # base init + strace + git
+  - mobylinux/init:61a72fa20b9b9be269fe6b2b6360031f2cb897a7 # base init + strace + git
   - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
   - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
   - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935

projects/miragesdk/pkg/init/etc/init.d/containerd

@@ -6,4 +6,4 @@ ulimit -p unlimited
 
 printf "\nStarting containerd\n"
 mkdir -p /var/log
-/sbin/start-stop-daemon --start --exec /usr/bin/containerd
+exec /usr/bin/containerd

projects/miragesdk/pkg/init/etc/init.d/containers

@@ -1,27 +1,29 @@
 #!/bin/sh
 
-# TODO more robust
-# while [ ! -S /run/containerd/containerd.sock ]; do sleep 1; done
-# while ! ctr list 2> /dev/null; do sleep 1; done
+# start onboot containers, run to completion
 
-# start system containers
-# temporarily using runc not containerd
-
-if [ -d /containers/system ]
+if [ -d /containers/onboot ]
 then
-	for f in $(find /containers/system -mindepth 1 -maxdepth 1 | sort)
+	for f in $(find /containers/onboot -mindepth 1 -maxdepth 1 | sort)
 	do
 		base="$(basename $f)"
+		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
 		/usr/bin/runc run --bundle "$f" "$(basename $f)"
 		printf " - $base\n"
 	done
 fi
 
-if [ -d /containers/daemon ]
+# start service containers
+# temporarily using runc not containerd
+
+if [ -d /containers/services ]
 then
-	for f in $(find /containers/daemon -mindepth 1 -maxdepth 1 | sort)
+	for f in $(find /containers/services -mindepth 1 -maxdepth 1 | sort)
 	do
 		base="$(basename $f)"
+		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
 		log="/var/log/$base.log"
 		/sbin/start-stop-daemon --start --pidfile /run/$base.pid --exec /usr/bin/runc -- run --bundle "$f" --pid-file /run/$base.pid "$(basename $f)" </dev/null 2>$log >$log &
 		printf " - $base\n"

projects/miragesdk/pkg/init/etc/init.d/rcS

@@ -59,18 +59,13 @@ do
 	esac
 done < /proc/cgroups
 
+# use hierarchy for memory
+echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy
+
 # for compatibility
 mkdir -p /sys/fs/cgroup/systemd
 mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
 
-# set SELinux contexts
-if [ -x /sbin/restorecon ]
-then
-	restorecon -F /sys/devices/system/cpu/online >/dev/null 2>&1
-	restorecon -rF /sys/fs/cgroup >/dev/null 2>&1
-	restorecon -rF /dev >/dev/null 2>&1
-fi
-
 # start mdev for hotplug
 echo "/sbin/mdev" > /proc/sys/kernel/hotplug
 
@@ -101,3 +96,19 @@ hwclock --hctosys --utc
 ip addr add 127.0.0.1/8 dev lo brd + scope host
 ip route add 127.0.0.0/8 dev lo scope host
 ip link set lo up
+
+# for containerising dhcpcd and other containers that need writable etc
+mkdir /tmp/etc
+mv /etc/resolv.conf /tmp/etc/resolv.conf
+ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+
+# remount rootfs as readonly
+mount -o remount,ro /
+
+# make /var writeable and shared
+mount -o bind /var /var
+mount -o remount,rw,nodev,nosuid,noexec,relatime /var /var
+mount --make-rshared /var
+
+# make / rshared
+mount --make-rshared /