| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- #!/bin/sh
- set -e
- # DinD: a wrapper script which allows docker to be run inside a docker container.
- # Original version by Jerome Petazzoni <jerome@docker.com>
- # See the blog post: https://www.docker.com/blog/docker-can-now-run-within-docker/
- #
- # This script should be executed inside a docker container in privileged mode
- # ('docker run --privileged', introduced in docker 0.6).
- # Usage: dind CMD [ARG...]
- # apparmor sucks and Docker needs to know that it's in a container (c) @tianon
- export container=docker
- if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
- mount -t securityfs none /sys/kernel/security || {
- echo >&2 'Could not mount /sys/kernel/security.'
- echo >&2 'AppArmor detection and --privileged mode might break.'
- }
- fi
- # Mount /tmp (conditionally)
- if ! mountpoint -q /tmp; then
- mount -t tmpfs none /tmp
- fi
- # cgroup v2: enable nesting
- if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
- # move the processes from the root group to the /init group,
- # otherwise writing subtree_control fails with EBUSY.
- # An error during moving non-existent process (i.e., "cat") is ignored.
- mkdir -p /sys/fs/cgroup/init
- xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
- # enable controllers
- sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
- > /sys/fs/cgroup/cgroup.subtree_control
- fi
- # Change mount propagation to shared to make the environment more similar to a
- # modern Linux system, e.g. with SystemD as PID 1.
- mount --make-rshared /
- if [ $# -gt 0 ]; then
- exec "$@"
- fi
- echo >&2 'ERROR: No command specified.'
- echo >&2 'You probably want to run hack/make.sh, or maybe a shell?'
|
