start a container:
$ docker run --rm -ti --privileged alpine:latest sh
next, run the following inside the container
setup:
$ apk --no-cache add xfsprogs util-linux
$ dd if=/dev/zero of=/xfs.img bs=1M count=100
$ mkfs.xfs /xfs.img
$ mkdir -p /var/lib/docker
$ mount -o noexec,nodev /xfs.img /var/lib/docker
simulate git checkout:
$ cd /var/lib/docker
$ mkdir -p builds/bin
$ printf '#!/bin/sh\nset -ex\ndate\n' > builds/bin/run.sh
$ chmod +x builds/bin/run.sh
$ cd builds
run script:
$ ./bin/run.sh
sh: ./bin/run.sh: Permission denied
discover the noexec volume that holds the current path and remount it exec:
$ findmnt -lnf -o target,options -T . | awk '$2 ~ /noexec/ {print $1}' | xargs -rt -- mount -o remount,exec
mount -o remount,exec /var/lib/docker
re-run script:
$ ./bin/run.sh
+ date
Tue Nov 9 20:06:12 UTC 2021
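The one-liner above does discovery, filtering and the remount in a single pipe. Below is an added example, not part of the original notes, that splits it into small POSIX sh functions so the filter can be checked offline and the remount can be dry-run before it touches anything. It assumes findmnt from util-linux (installed in the setup step); the findmnt output in SAMPLE_FINDMNT is constructed for the demo. Note that the option test matches the whole option word, so "noexec" is found but "exec" alone is not, and that remounting the entire Docker data root exec drops the noexec hardening for everything under it, so a narrower target (a dedicated mount for the checkout) keeps the rest protected.

```shell
#!/bin/sh
# Added example: find the mount(s) under a path that carry noexec and remount them exec.
# Assumes findmnt (util-linux). Set DRY_RUN=1 to print the mount command instead of running it.

# noexec_targets: read "target options" lines (the shape of
# `findmnt -lnf -o target,options`) on stdin and print only the targets
# whose comma-separated option list contains the exact option "noexec".
noexec_targets() {
    awk '{
        n = split($2, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] == "noexec") { print $1; break }
    }'
}

# remount_exec TARGET: remount TARGET with exec, or just print the command under DRY_RUN.
remount_exec() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'mount -o remount,exec %s\n' "$1"
    else
        mount -o remount,exec "$1"
    fi
}

# ensure_exec_mount PATH: look up the mount holding PATH and fix it only if it is noexec.
# Requires root (or CAP_SYS_ADMIN) for the real remount.
ensure_exec_mount() {
    findmnt -lnf -o target,options -T "$1" | noexec_targets | while read -r target; do
        remount_exec "$target"
    done
}

# Constructed sample of findmnt output (not captured from a real host):
# two noexec mounts and one plain mount.
SAMPLE_FINDMNT='/var/lib/docker rw,relatime,noexec,nodev,attr2,inode64
/ rw,relatime
/tmp rw,nosuid,nodev,noexec,relatime'

# Demo on the constructed sample, dry-run only: prints the two remount commands it would run.
printf '%s\n' "$SAMPLE_FINDMNT" | noexec_targets | while read -r target; do
    DRY_RUN=1 remount_exec "$target"
done
# usage against a live path (needs root): ensure_exec_mount .
```

Run it as root with `ensure_exec_mount .` from inside the checkout to reproduce the remount step; run it unprivileged with DRY_RUN=1 to see which mount it would touch first.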