Everywhere: Initial commit

networkException · networkException · commit 2094e0150d51 · 2023-01-23T20:22:49.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,119 @@
+FROM ubuntu:jammy-20221130 as sysbox-builder
+
+ARG KERNEL_ARCH=amd64
+ARG KERNEL_VERSION=5.15.0-58-generic
+ARG SYSBOX_COMMIT=v0.5.2
+
+RUN apt-get update -y && apt-get upgrade -y && apt-get install --no-install-recommends -y \
+    linux-headers-$KERNEL_VERSION \
+    git \
+    make \
+    protobuf-compiler \
+    golang-goprotobuf-dev \
+    autoconf \
+    libtool \
+    golang-go \
+    ca-certificates \
+    automake \
+    kmod \
+    iproute2 \
+    lsb-release
+
+RUN git clone https://github.com/nestybox/sysbox && git -C /sysbox checkout $SYSBOX_COMMIT
+
+WORKDIR /sysbox
+
+# Taken from https://github.com/nestybox/sysbox/blob/master/.travis.yml
+RUN sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules && \
+    git submodule update --init && \
+    sed -i 's/git@github.com:/https:\/\/github.com\//' sysbox-fs/.gitmodules && \
+    sed -i 's/git@github.com:/https:\/\/github.com\//' sysbox-libs/.gitmodules && \
+    git -C sysbox-fs submodule update --init && \
+    git -C sysbox-libs submodule update --init
+
+RUN sed -i "s/\$(shell uname -r)/$KERNEL_VERSION/" Makefile
+
+RUN TARGET_ARCH=$KERNEL_ARCH make sysbox-local
+RUN make install
+
+# NOTE: This has been taken from https://github.com/nestybox/sysbox/blob/master/sysbox-in-docker/Dockerfile.ubuntu-focal with
+#       focal being replaced with jammy
+
+#
+# Sysbox-In-Docker Container Dockerfile (Ubuntu-Focal image)
+#
+# This Dockerfile creates the sysbox-in-docker container image, which holds
+# all Sysbox binaries and its dependencies. The goal is to allow users to run
+# an entire Sysbox sandbox within a container.
+#
+# NOTE: Sysbox is a container runtime and thus needs host root privileges. As a
+# result, this image must be run as a privileged container, and a few resources
+# must be bind-mounted to meet Sysbox requirements as well as those of system-level
+# apps running in inner containers. Notice that within the privileged container,
+# inner containers launched with Docker + Sysbox will be strongly isolated from the
+# host by Sysbox (e.g., via the Linux user-namespace).
+#
+# Instructions:
+#
+# * Image creation:
+#
+#   $ make sysbox-in-docker ubuntu-focal
+#
+# * Container creation:
+#
+# docker run -d --privileged --rm --hostname sysbox-in-docker --name sysbox-in-docker \
+#                -v /var/tmp/sysbox-var-lib-docker:/var/lib/docker \
+#                -v /var/tmp/sysbox-var-lib-sysbox:/var/lib/sysbox \
+#                -v /lib/modules/$(uname -r):/lib/modules/$(uname -r):ro \
+#                -v /usr/src/linux-headers-$(uname -r):/usr/src/linux-headers-$(uname -r):ro \
+#                -v /usr/src/linux-headers-$(uname -r | cut -d"-" -f 1,2):/usr/src/linux-headers-$(uname -r | cut -d"-" -f 1,2):ro \
+#                nestybox/sysbox-in-docker:ubuntu-focal
+#
+
+FROM ubuntu:jammy
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y \
+       apt-utils \
+       ca-certificates \
+       wget \
+       curl \
+       iproute2 \
+       jq \
+       fuse \
+       rsync \
+       dialog \
+       kmod \
+       bash-completion \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && echo ". /etc/bash_completion" >> /etc/bash.bashrc
+
+# Install Docker.
+RUN curl -fsSL https://get.docker.com -o get-docker.sh
+RUN sh get-docker.sh
+ADD https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker /etc/bash_completion.d/docker.sh
+
+# S6 process-supervisor installation.
+ADD https://github.com/just-containers/s6-overlay/releases/download/v2.1.0.2/s6-overlay-amd64-installer /tmp/
+RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /
+
+ENV \
+    # Pass envvar variables to agents
+    S6_KEEP_ENV=1 \
+    # Direct all agent logs to stdout.
+    S6_LOGGING=0 \
+    # Exit container if entrypoint fails.
+    S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+
+COPY s6-services /etc/services.d/
+COPY sysbox.sh /etc/cont-init.d/
+
+# Copy Sysbox artifacts.
+COPY --from=sysbox-builder /usr/bin/sysbox-mgr /usr/bin/sysbox-mgr
+COPY --from=sysbox-builder /usr/bin/sysbox-fs /usr/bin/sysbox-fs
+COPY --from=sysbox-builder /usr/bin/sysbox-runc /usr/bin/sysbox-runc
+
+ENTRYPOINT ["/init"]
diff --git a/s6-services/docker/run b/s6-services/docker/run
@@ -0,0 +1,4 @@
+#!/usr/bin/execlineb -P
+
+# Launch dockerd and redirect its stdout/stderr.
+redirfd -w 2 /var/log/dockerd.log /usr/bin/dockerd
diff --git a/s6-services/sysbox-fs/run b/s6-services/sysbox-fs/run
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -P
+
+/usr/bin/sysbox-fs --ignore-handler-errors --log /var/log/sysbox-fs.log
diff --git a/s6-services/sysbox-mgr/run b/s6-services/sysbox-mgr/run
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -P
+
+/usr/bin/sysbox-mgr --disable-shiftfs --log /var/log/sysbox-mgr.log
diff --git a/sysbox.sh b/sysbox.sh

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/usr/bin/execlineb -P`
	`2`	`+`
	`3`	`+/usr/bin/sysbox-fs --ignore-handler-errors --log /var/log/sysbox-fs.log`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/usr/bin/execlineb -P`
	`2`	`+`
	`3`	`+/usr/bin/sysbox-mgr --disable-shiftfs --log /var/log/sysbox-mgr.log`