diff --git a/blueprints/lcow.yml b/blueprints/lcow.yml
index 6270028af..35dce21ea 100644
--- a/blueprints/lcow.yml
+++ b/blueprints/lcow.yml
@@ -3,7 +3,7 @@ kernel:
   cmdline: "console=ttyS0"
   tar: none
 init:
-  - linuxkit/init-lcow:19ef62ccc57d3aa53c3fd9f7467ed4492b55f032
+  - linuxkit/init-lcow:5375fa62bada3faec048b22d41033dcf1e9ba727
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
 trust:
   org:
diff --git a/pkg/init-lcow/Dockerfile b/pkg/init-lcow/Dockerfile
index 2f0a243c6..4b413c604 100644
--- a/pkg/init-lcow/Dockerfile
+++ b/pkg/init-lcow/Dockerfile
@@ -9,7 +9,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 
 FROM linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73 AS build
 ENV OPENGCS_REPO=https://github.com/rn/opengcs
-ENV OPENGCS_COMMIT=d3ba8e211c0df4b0ee663bcfc00b4c2d88abcb9c
+ENV OPENGCS_COMMIT=3a4ca49c445caaf4c6d4f0c1e613bae0c7455fb6
 RUN apk add --no-cache build-base curl git go musl-dev
 ENV GOPATH=/go PATH=$PATH:/go/bin
 RUN git clone $OPENGCS_REPO /go/src/github.com/Microsoft/opengcs && \
@@ -19,8 +19,6 @@ RUN git clone $OPENGCS_REPO /go/src/github.com/Microsoft/opengcs && \
     make
 RUN mkdir /out && \
     cp -r /go/src/github.com/Microsoft/opengcs/service/bin /out/bin && \
-    cp /go/src/github.com/Microsoft/opengcs/kernelconfig/4.11/scripts/init_script /out/init && \
-    chmod ugo+rx /out/init && \
     mkdir /out/sbin && \
     curl -fSL "https://raw.githubusercontent.com/mirror/busybox/38d966943f5288bb1f2e7219f50a92753c730b14/examples/udhcp/simple.script" -o /out/sbin/udhcpc_config.script && \
     chmod ugo+rx /out/sbin/udhcpc_config.script && \
@@ -33,3 +31,4 @@ CMD []
 WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=build /out/ /
+COPY init /
diff --git a/pkg/init-lcow/init b/pkg/init-lcow/init
new file mode 100755
index 000000000..725a12321
--- /dev/null
+++ b/pkg/init-lcow/init
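Review bot: `COPY init /` in the last Dockerfile hunk relies on the executable bit of pkg/init-lcow/init surviving the checkout and the build context, whereas the `chmod ugo+rx /out/init` deleted in the preceding hunk made that guarantee explicit; a checkout with core.fileMode=false, or a context assembled on a Windows host, can drop the bit and ship an image whose /init the kernel cannot execute. Restoring the guarantee is one line after the COPY, `RUN chmod ugo+rx /init`, or `COPY --chmod=0755 init /` where the builder's Dockerfile frontend supports that flag. The final stage's header is outside the hunk, so I cannot see whether anything else in it references /init.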
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+export PATH=/sbin:/bin/:/usr/sbin/:/usr/bin/:/usr/local/sbin:/usr/local/bin
+
+# Set up mounts
+mount -n -t proc proc /proc -o nodev,nosuid,noexec,relatime
+
+mount -n -t tmpfs tmpfs /run -o nodev,nosuid,noexec,relatime,size=10%,mode=755
+mount -n -t tmpfs tmpfs /tmp -o nodev,nosuid,noexec,relatime,size=10%,mode=1777
+
+# mount devfs
+mount -n -t devtmpfs dev /dev -o nosuid,noexec,relatime,size=10m,nr_inodes=248418,mode=755
+# devices
+[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+
+[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+
+# extra symbolic links not provided by default
+[ -e /dev/fd ] || ln -snf /proc/self/fd /dev/fd
+[ -e /dev/stdin ] || ln -snf /proc/self/fd/0 /dev/stdin
+[ -e /dev/stdout ] || ln -snf /proc/self/fd/1 /dev/stdout
+[ -e /dev/stderr ] || ln -snf /proc/self/fd/2 /dev/stderr
+[ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core
+
+# devfs filesystems
+mkdir -p -m 1777 /dev/mqueue
+mkdir -p -m 1777 /dev/shm
+mkdir -p -m 0755 /dev/pts
+mount -n -t mqueue -o noexec,nosuid,nodev mqueue /dev/mqueue
+mount -n -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm /dev/shm
+mount -n -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+# mount sysfs
+sysfs_opts=nodev,noexec,nosuid
+mount -n -t sysfs -o ${sysfs_opts} sysfs /sys
+[ -d /sys/kernel/security ] && mount -n -t securityfs -o ${sysfs_opts} securityfs /sys/kernel/security
+[ -d /sys/kernel/debug ] && mount -n -t debugfs -o ${sysfs_opts} debugfs /sys/kernel/debug
+[ -d /sys/kernel/config ] && mount -n -t configfs -o ${sysfs_opts} configfs /sys/kernel/config
+[ -d /sys/fs/fuse/connections ] && mount -n -t fusectl -o ${sysfs_opts} fusectl /sys/fs/fuse/connections
+[ -d /sys/fs/selinux ] && mount -n -t selinuxfs -o nosuid,noexec selinuxfs /sys/fs/selinux
+[ -d /sys/fs/pstore ] && mount -n -t pstore pstore -o ${sysfs_opts} /sys/fs/pstore
+[ -d /sys/firmware/efi/efivars ] && mount -n -t efivarfs -o ro,${sysfs_opts} efivarfs /sys/firmware/efi/efivars
+
+# mount cgroups
+mount -n -t tmpfs -o nodev,noexec,nosuid,mode=755,size=10m cgroup_root /sys/fs/cgroup
+
+while read name hier groups enabled rest
+do
+  case "${enabled}" in
+  1) mkdir -p /sys/fs/cgroup/${name}
+     mount -n -t cgroup -o ${sysfs_opts},${name} ${name} /sys/fs/cgroup/${name}
+     ;;
+  esac
+done < /proc/cgroups
+
+# Run gcs in the background
+/bin/gcs -loglevel=debug -logfile=/tmp/gcs.log &
+
+# Start shell so we can have access for debug
+sh
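Review bot: The unconditional `sh` on the last line hands an interactive root shell to whoever holds the serial console on every boot of this image, and since this script is PID 1, the guest panics the moment that shell exits, so there is no non-debug mode at all; the `-loglevel=debug` gcs invocation two lines earlier also writes an unbounded log into /tmp, which the script mounted as a 10%-sized tmpfs. I would gate the shell behind an explicit kernel cmdline token and otherwise keep PID 1 blocked on the gcs child, as sketched below. Separately, none of the unconditional mounts (/proc, /run, /tmp, /dev, /sys) has its exit status checked, so a failed mount only surfaces later as gcs errors; appending `|| echo "init: mount of /proc failed" > /dev/kmsg` (and the same for the others) after the /dev/kmsg node exists would make the failure visible without turning PID 1 into a panic with `set -e`.
```sh
# … unchanged: mount setup and cgroup loop …

# Run gcs in the background
/bin/gcs -loglevel=debug -logfile=/tmp/gcs.log &
gcs_pid=$!

# Only hand the console to an interactive shell when the boot explicitly
# asks for it; "lcow.debug" is a placeholder token, choose the project's own.
if grep -qw lcow.debug /proc/cmdline; then
    sh
fi

# PID 1 must stay alive while the guest runs; block on gcs instead of exiting.
wait "$gcs_pid"
```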