@fcojperez
Last active May 7, 2024 11:42
chroot1.sh is a bash script that creates a custom sandbox, based on chroot0.sh from the book Core Kubernetes by Christopher Love and Jay Vyas. The script creates a process-isolated sandbox using unshare. More information at https://www.manning.com/books/core-kubernetes

chroot1

chroot1.sh is a bash script that creates a custom sandbox, based on chroot0.sh from the book Core Kubernetes by Christopher Love and Jay Vyas.

The script creates a process-isolated sandbox using unshare. More information at https://www.manning.com/books/core-kubernetes

#!/bin/bash
### A bash script to create a custom sandbox, based on chroot0.sh from the book Core Kubernetes by Christopher Love and Jay Vyas
### Modified to create a process-isolated sandbox using unshare (PID namespace + chroot)
### https://www.manning.com/books/core-kubernetes
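#######################################
# Report whether a path is currently a mount point.
# Arguments: $1 - absolute path to check; compared literally against the
#            mount-point column (field 3) of `mount` output
# Outputs:   one status line on stdout
# Returns:   0 if the path is mounted, 1 otherwise
#######################################
is_path_mounted() {
  local path_to_check="$1"
  local mounted_path=""
  local mp
  # Compare each mount point literally. The previous `grep "$path"` treated
  # the path as a regular expression and also matched any longer mount point
  # that merely contained it; the resulting multi-line value never compared
  # equal, so an already mounted target was mounted a second time.
  while IFS= read -r mp; do
    if [ "$mp" = "$path_to_check" ]; then
      mounted_path="$mp"
      break
    fi
  done < <(mount 2>/dev/null | awk '{print $3}')
  # NOTE: mount(8) prints spaces in mount points as "\040"; such paths do
  # not compare equal here (the original had the same limitation).
  if [ -n "$mounted_path" ]; then
    echo "The path $path_to_check is already mounted ($mounted_path)."
    return 0 # true
  fi
  echo "The path $path_to_check is not mounted ($mounted_path)."
  return 1 # false
}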
# Sandbox root: the first script argument, or a fixed default when the
# argument is missing or empty.
SANDBOX_PATH="${1:-/home/namespace/box}"
echo "SANDBOX_PATH=${SANDBOX_PATH}"
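#######################################
# Create the sandbox directory tree and populate it with a few binaries plus
# copies of the host's /lib and /lib64.
# Arguments: $1 - sandbox root directory; must be non-empty, because with an
#            empty value every path below would resolve to the host's own
#            /bin, /lib and /lib64
# Outputs:   mkdir/cp diagnostics on stdout and stderr
# Returns:   non-zero if the tree cannot be created, else the status of the
#            last copy
#######################################
creating_minimal_sandbox() {
  local sbox_path="${1:?creating_minimal_sandbox: sandbox path is required}"
  ### Creating sandbox
  mkdir -p -- "${sbox_path}" "${sbox_path}/bin" "${sbox_path}/lib" \
    "${sbox_path}/lib64" "${sbox_path}/proc" "${sbox_path}/data" || return
  ### Customizing sandbox
  cp -v /usr/bin/kill /usr/bin/ps /usr/bin/grep /bin/bash /bin/ls "${sbox_path}/bin/"
  ### Copying the host's shared libraries (GNU cp: --reflink/--update)
  # Held in an array so each option stays a separate word when expanded.
  local -a cp_command=(cp -v -r -p --reflink=auto --update)
  "${cp_command[@]}" /lib/* "${sbox_path}/lib/"
  "${cp_command[@]}" /lib64/* "${sbox_path}/lib64/"
}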
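#######################################
# Mount a proc filesystem and bind the host's /tmp into the sandbox, skipping
# either step when its target is already a mount point.
# Arguments: $1 - sandbox root directory (non-empty)
# Outputs:   progress messages on stdout (plus those of is_path_mounted)
# Returns:   0 when both targets are mounted, otherwise the status of the
#            failing mount
#######################################
mounting_volumes() {
  local sbox_path="${1:?mounting_volumes: sandbox path is required}"
  ### Mounting proc
  if is_path_mounted "${sbox_path}/proc"; then
    echo "Already mounted ${sbox_path}/proc"
  else
    echo "Mounting ${sbox_path}/proc"
    # Needs root; stop here rather than silently continuing to the chroot
    # with an unmounted /proc.
    mount -t proc proc "${sbox_path}/proc" || return
  fi
  ### Binding local tmp as data folder
  # NOTE: a plain bind mount gives processes inside the sandbox read-write
  # access to the host's /tmp. Remount it read-only
  # (`mount -o remount,bind,ro`) or bind a dedicated directory if that
  # sharing is not intended.
  if is_path_mounted "${sbox_path}/data"; then
    echo "Already mounted ${sbox_path}/data"
  else
    echo "Mounting ${sbox_path}/data"
    mount --bind /tmp/ "${sbox_path}/data"
  fi
}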
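#######################################
# Enter the sandbox: fork into a new PID namespace with a fresh proc mounted
# at the sandbox's /proc, chroot into the tree and start an interactive bash.
# Arguments: $1 - sandbox root directory (non-empty)
# Returns:   exit status of unshare (i.e. of the chroot'ed bash)
#######################################
running_sandbox() {
  local sbox_path="${1:?running_sandbox: sandbox path is required}"
  # Isolation is limited to a PID namespace (-p) plus the mount namespace that
  # --mount-proc implies (see unshare(1)); user, network and IPC namespaces
  # are not unshared, so this is a teaching sandbox, not a hardening boundary.
  unshare -p -f --mount-proc="${sbox_path}/proc" chroot "${sbox_path}" /bin/bash
}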
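#######################################
# Build, mount and enter the sandbox rooted at SANDBOX_PATH, stopping with a
# clear message instead of chrooting into an unusable tree.
# Globals:   SANDBOX_PATH (read)
# Returns:   1 when not root or the sandbox lacks /bin/bash, the mount
#            failure status if mounting fails, else that of running_sandbox
#######################################
main() {
  # mount(8), unshare -p and chroot(8) all require privileges; fail early
  # rather than after a cascade of permission errors.
  if (( EUID != 0 )); then
    echo "This script must run as root (mount, unshare and chroot need privileges)." >&2
    return 1
  fi
  creating_minimal_sandbox "${SANDBOX_PATH}"
  # chroot runs /bin/bash from inside the tree; a missing copy would only
  # surface as an opaque chroot error.
  if [ ! -x "${SANDBOX_PATH}/bin/bash" ]; then
    echo "Sandbox is incomplete: ${SANDBOX_PATH}/bin/bash is missing." >&2
    return 1
  fi
  mounting_volumes "${SANDBOX_PATH}" || return
  running_sandbox "${SANDBOX_PATH}"
}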
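# Quoted so arguments reach main as separate, intact words (SC2068);
# SANDBOX_PATH itself is taken from $1 above.
main "$@"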