Implements executing the init system

doc/toolbox-create.1.md

@@ -5,6 +5,7 @@ toolbox\-create - Create a new toolbox container
 
 ## SYNOPSIS
 **toolbox create** [*--candidate-registry*]
+               [*--init*]
                [*--container NAME* | *-c NAME*]
                [*--image NAME* | *-i NAME*]
                [*--release RELEASE* | *-r RELEASE*]
@@ -35,6 +36,11 @@ Pull the base image from `candidate-registry.fedoraproject.org`. This is
 useful for testing newly built images before they have moved to the stable
 registry at `registry.fedoraproject.org`.
 
+**--init**
+
+Initialize container with system init running inside. It allows to run system
+daemons inside but prevents accessing host daemons using systemd.
+
 **--container** NAME, **-c** NAME
 
 Assign a different NAME to the toolbox container. This is useful for creating

doc/toolbox-init-container.1.md

@@ -11,6 +11,8 @@ toolbox\-init\-container - Initialize a running container
                        *--shell SHELL*
                        *--uid UID*
                        *--user USER*
+                       *--name TOOLBOX_NAME*
+                       *--init*
 
 ## DESCRIPTION
 
@@ -53,6 +55,14 @@ Create a user inside the toolbox container whose numerical user ID is UID.
 
 Create a user inside the toolbox container whose login name is LOGIN.
 
+**--name TOOLBOX_NAME**
+
+Set the toolbox name, required for initialization.
+
+**--init**
+
+Run init inside container.
+
 ## SEE ALSO
 
 `podman(1)`, `podman-create(1)`, `podman-start(1)`

toolbox

@@ -72,6 +72,7 @@ toolbox_image=""
 toolbox_runtime_directory="$XDG_RUNTIME_DIR"/toolbox
 user_id_real=$(id -ru 2>&3)
 verbose=false
+init=false
 
 
 LGC='\033[1;32m' # Light Green Color
@@ -1059,8 +1060,19 @@ create()
         spinner_directory=""
     fi
 
+    if $init; then
+        pid_ns=""
+        init_option="--init"
+        system_dbus_bind=""
+    else
+        pid_ns="--pid host"
+        init_option=""
+        system_dbus_bind="--volume $dbus_system_bus_path:$dbus_system_bus_path"
+    fi
+
     # shellcheck disable=SC2086
     $podman_command create \
+            --tmpfs /run \
             --dns none \
             --env TOOLBOX_PATH="$TOOLBOX_PATH" \
             --group-add "$group_for_sudo" \
@@ -1071,7 +1083,7 @@ create()
             --name $toolbox_container \
             --network host \
             --no-hosts \
-            --pid host \
+            $pid_ns \
             --privileged \
             --security-opt label=disable \
             $ulimit_host \
@@ -1084,7 +1096,7 @@ create()
             --volume "$TOOLBOX_PATH":/usr/bin/toolbox:ro \
             --volume "$XDG_RUNTIME_DIR":"$XDG_RUNTIME_DIR" \
             --volume "$XDG_RUNTIME_DIR"/.flatpak-helper/monitor:/run/host/monitor \
-            --volume "$dbus_system_bus_path":"$dbus_system_bus_path" \
+            $system_dbus_bind \
             --volume "$home_canonical":"$home_canonical":rslave \
             --volume /etc:/run/host/etc \
             --volume /dev:/dev:rslave \
@@ -1095,6 +1107,8 @@ create()
             --volume /var:/run/host/var:rslave \
             "$base_toolbox_image_full" \
             toolbox --verbose init-container \
+                    $init_option \
+                    --name $toolbox_container \
                     --home "$HOME" \
                     $home_link \
                     $media_link \
@@ -1146,6 +1160,8 @@ init_container()
     init_container_shell="$5"
     init_container_uid="$6"
     init_container_user="$7"
+    init_container_name="$8"
+    init_container_init="$9"
 
     if [ "$XDG_RUNTIME_DIR" = "" ] 2>&3; then
         echo "$base_toolbox_command: XDG_RUNTIME_DIR is unset" >&3
@@ -1156,7 +1172,7 @@ init_container()
         toolbox_runtime_directory="$XDG_RUNTIME_DIR"/toolbox
     fi
 
-    init_container_initialized_stamp="$toolbox_runtime_directory"/container-initialized-"$$"
+    init_container_initialized_stamp="$toolbox_runtime_directory"/container-initialized-"$init_container_name"
 
     echo "$base_toolbox_command: creating /run/.toolboxenv" >&3
 
@@ -1346,9 +1362,13 @@ EOF
         return 1
     fi
 
-    echo "$base_toolbox_command: going to sleep" >&3
-
-    exec sleep +Inf
+    if $init_container_init; then
+        echo "$base_toolbox_command: starting /sbin/init" >&3
+        exec /sbin/init
+    else
+        echo "$base_toolbox_command: going to sleep" >&3
+        sleep +Inf
+    fi
 }
 
 
@@ -1489,22 +1509,7 @@ run()
     if [ "$entry_point" = "toolbox" ] 2>&3; then
         echo "$base_toolbox_command: waiting for container $toolbox_container to finish initializing" >&3
 
-        if ! entry_point_pid=$($podman_command inspect --format "{{.State.Pid}}" --type container "$toolbox_container" 2>&3); then
-            echo "$base_toolbox_command: failed to inspect entry point PID of container $toolbox_container" >&2
-            exit 1
-        fi
-
-        if ! is_integer "$entry_point_pid"; then
-            echo "$base_toolbox_command: failed to parse entry point PID of container $toolbox_container" >&2
-            exit 1
-        fi
-
-        if [ "$entry_point_pid" -le 0 ] 2>&3; then
-            echo "$base_toolbox_command: invalid entry point PID of container $toolbox_container" >&2
-            exit 1
-        fi
-
-        container_initialized_stamp="$toolbox_runtime_directory/container-initialized-$entry_point_pid"
+        container_initialized_stamp="$toolbox_runtime_directory/container-initialized-$toolbox_container"
         container_initialized_timeout=25 #s
 
         i=0
@@ -2290,6 +2295,14 @@ if [ -f /run/.containerenv ] 2>&3; then
                         exit_if_missing_argument --user "$1"
                         init_container_user="$1"
                         ;;
+                    --name )
+                        shift
+                        exit_if_missing_argument --name "$1"
+                        init_container_name="$1"
+                        ;;
+                    --init )
+                        init_container_init=true
+                        ;;
                     * )
                         exit_if_unrecognized_option "$1"
                 esac
@@ -2302,7 +2315,9 @@ if [ -f /run/.containerenv ] 2>&3; then
                     "$init_container_monitor_host" \
                     "$init_container_shell" \
                     "$init_container_uid" \
-                    "$init_container_user"
+                    "$init_container_user" \
+                    "$init_container_name" \
+                    "$init_container_init"
             exit "$?"
             ;;
         reset )
@@ -2337,6 +2352,9 @@ case $op in
                 --candidate-registry )
                     registry=$registry_candidate
                     ;;
+                --init )
+                    init=true
+                    ;;
                 -c | --container )
                     shift
                     exit_if_missing_argument --container "$1"