anbox/scripts/classic

#!/bin/sh

set -e

ROOT=$SNAP_COMMON/classic

# $1: source
# $2: target
# $3: if not empty, bind mount will be read-only
# note that we do NOT clean these up at the end, as the user might start many
# classic shells in parallel; we could start all of them in their own mount
# namespace, but that would make the classic shell less useful for
# developing/debugging the snappy host
do_bindmount() {
    if ! mountpoint -q "$ROOT/$2"; then
        if [ -d "$1" -a ! -L "$1" ]; then
            mkdir -p "$ROOT/$2"
        fi
        mount --make-rprivate --rbind -o rbind "$1" "$ROOT/$2"
        if [ -n "${3:-}" ]; then
            mount --rbind -o remount,ro "$1" "$ROOT/$2"
        fi
    fi
}

if [ "$(id -u)" != "0" ]; then
    echo "needs to run as root"
    exit 1
fi

if [ ! -d $ROOT ]; then
    # IMPORTANT: do not run the classic.create as this will run it with
    #            snap-confine again and this will cause havoc with current
    #            snap-confine
    $SNAP/bin/create
fi

# FIXME: confinement will prevent this
do_bindmount /home /home
do_bindmount /run /run
do_bindmount /proc /proc
do_bindmount /sys /sys
do_bindmount /dev /dev
do_bindmount / /snappy

SUDO_USER=root

# fix LP: #1619455
cp -a /var/lib/extrausers/* $ROOT/var/lib/extrausers/
cp -a /etc/sudoers.d/* $ROOT/etc/sudoers.d/

# assemble command line
DEVPTS="mount -o mode=666,ptmxmode=666 -t devpts devpts /dev/pts"
SUDOCMD="sudo debian_chroot=classic -u ${SUDO_USER} -i $@"
# FIXME: workaround for https://bugs.launchpad.net/snappy/+bug/1611493
SCRIPT="script --quiet --return --command \"$SUDOCMD\" /dev/null"

CMD="$DEVPTS; $SCRIPT"

systemd-run --quiet --scope --unit=classic-$$.scope --description="Classic shell" chroot "$ROOT" sh -c "$CMD"

# kill leftover processes after exiting, if it's still around
systemctl stop classic-$$.scope 2>/dev/null || true