github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/hack/dind (about) 1 #!/bin/sh 2 set -e 3 4 # DinD: a wrapper script which allows docker to be run inside a docker container. 5 # Original version by Jerome Petazzoni <jerome@docker.com> 6 # See the blog post: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/ 7 # 8 # This script should be executed inside a docker container in privileged mode 9 # ('docker run --privileged', introduced in docker 0.6). 10 11 # Usage: dind CMD [ARG...] 12 13 # apparmor sucks and Docker needs to know that it's in a container (c) @tianon 14 export container=docker 15 16 if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then 17 mount -t securityfs none /sys/kernel/security || { 18 echo >&2 'Could not mount /sys/kernel/security.' 19 echo >&2 'AppArmor detection and --privileged mode might break.' 20 } 21 fi 22 23 # Mount /tmp (conditionally) 24 if ! mountpoint -q /tmp; then 25 mount -t tmpfs none /tmp 26 fi 27 28 # cgroup v2: enable nesting 29 if [ -f /sys/fs/cgroup/cgroup.controllers ]; then 30 # move the processes from the root group to the /init group, 31 # otherwise writing subtree_control fails with EBUSY. 32 # An error during moving non-existent process (i.e., "cat") is ignored. 33 mkdir -p /sys/fs/cgroup/init 34 xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || : 35 # enable controllers 36 sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \ 37 > /sys/fs/cgroup/cgroup.subtree_control 38 fi 39 40 # Change mount propagation to shared to make the environment more similar to a 41 # modern Linux system, e.g. with SystemD as PID 1. 42 mount --make-rshared / 43 44 if [ $# -gt 0 ]; then 45 exec "$@" 46 fi 47 48 echo >&2 'ERROR: No command specified.' 49 echo >&2 'You probably want to run hack/make.sh, or maybe a shell?'