package_to_container: Bundle container config files into squashfs
This puts the config.json and runtime.json files directly
into the container squashfs.
BUG=none
TEST=Run package_to_container, mount the resulting squashfs, and
verify that /config/config.json and /config/runtime.json are
there.
Change-Id: I0f47305befc26e064746a8b21180b09a37c0ba50
Reviewed-on: https://chromium-review.googlesource.com/368458
Commit-Ready: Keshav Santhanam <ksanthanam@google.com>
Tested-by: Keshav Santhanam <ksanthanam@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
diff --git a/generic_container_files/config.json b/generic_container_files/config.json
new file mode 100644
index 0000000..d5eedc8
--- /dev/null
+++ b/generic_container_files/config.json
@@ -0,0 +1,78 @@
+{
+ "version": "0.2.0",
+ "platform": {
+ "os": "linux"
+ },
+ "process": {
+ "user": {
+ "uid": 1000,
+ "gid": 1000,
+ "additionalGids": null
+ },
+ "args": [
+ ":"
+ ]
+ },
+ "root": {
+ "path": "root"
+ },
+ "hostname": "generic_container",
+ "mounts": [
+ {
+ "name": "dev",
+ "path": "/dev"
+ },
+ {
+ "name": "dev_bus",
+ "path": "/dev/bus"
+ },
+ {
+ "name": "dev_bus_usb",
+ "path": "/dev/bus/usb"
+ },
+ {
+ "name": "dev_null",
+ "path": "/dev/null"
+ },
+ {
+ "name": "dev_random",
+ "path": "/dev/random"
+ },
+ {
+ "name": "dev_urandom",
+ "path": "/dev/urandom"
+ },
+ {
+ "name": "proc",
+ "path": "/proc"
+ },
+ {
+ "name": "run_broker_service",
+ "path": "/run/broker_service"
+ },
+ {
+ "name": "sys",
+ "path": "/sys"
+ },
+ {
+ "name": "sys_bus",
+ "path": "/sys/bus"
+ },
+ {
+ "name": "sys_bus_usb",
+ "path": "/sys/bus/usb"
+ },
+ {
+ "name": "sys_bus_usb_devices",
+ "path": "/sys/bus/usb/devices"
+ },
+ {
+ "name": "sys_devices",
+ "path": "/sys/devices"
+ },
+ {
+ "name": "tmp",
+ "path": "/tmp"
+ }
+ ]
+}
diff --git a/generic_container_files/runtime.json b/generic_container_files/runtime.json
new file mode 100644
index 0000000..20e327b
--- /dev/null
+++ b/generic_container_files/runtime.json
@@ -0,0 +1,126 @@
+{
+ "mounts": {
+ "dev": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "dev_bus": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "dev_bus_usb": {
+ "type": "bind",
+ "source": "/dev/bus/usb",
+ "options": [
+ "bind"
+ ]
+ },
+ "dev_random": {
+ "type": "bind",
+ "source": "/dev/random",
+ "options": [
+ "bind"
+ ]
+ },
+ "dev_urandom": {
+ "type": "bind",
+ "source": "/dev/urandom",
+ "options": [
+ "bind"
+ ]
+ },
+ "dev_null": {
+ "type": "bind",
+ "source": "/dev/null",
+ "options": [
+ "bind"
+ ]
+ },
+ "sys": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "proc": {
+ "type": "proc",
+ "source": "proc",
+ "options": [
+ "noexec",
+ "nodev",
+ "nosuid"
+ ]
+ },
+ "run": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "run_broker_service" : {
+ "type": "bind",
+ "source": "/run/broker_service",
+ "options": [
+ "noexec",
+ "nodev",
+ "bind"
+ ]
+ },
+ "sys_bus": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "sys_bus_usb": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ },
+ "sys_bus_usb_devices": {
+ "type": "bind",
+ "source": "/sys/bus/usb/devices",
+ "options": [
+ "bind"
+ ]
+ },
+ "sys_devices": {
+ "type": "bind",
+ "source": "/sys/devices",
+ "options": [
+ "bind"
+ ]
+ },
+ "tmp": {
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "mode=0755"
+ ]
+ }
+ },
+ "linux": {
+ "uidMappings": "0 1000 1",
+ "gidMappings": "0 1000 1",
+ "devices": [],
+ "altSysCallTable": "third_party"
+ }
+}
diff --git a/package_to_container b/package_to_container
index b29785b..8fec90f 100755
--- a/package_to_container
+++ b/package_to_container
@@ -43,7 +43,12 @@
install_with_no_deps "chromeos-base/libcontainer_overrides" "${ROOTDIR}"
info "Creating top level dirs and socket dirs ... "
- sudo mkdir -p "${ROOTDIR}"/{dev,proc,root,run/broker_service,sys,home/user}
+ sudo mkdir -p "${ROOTDIR}"/{dev,proc,root,sys,home/user,config}
+ sudo mkdir -p "${ROOTDIR}"/run/broker_service
+
+ info "Adding runtime.json and config.json files ... "
+ sudo cp generic_container_files/config.json "${ROOTDIR}/config"
+ sudo cp generic_container_files/runtime.json "${ROOTDIR}/config"
info "Generating squashfs file ... "
mksquashfs "${ROOTDIR}" "${container_name}.sqsh"
