Improve build, cleanup, and random tmp folder

airadier · Sep 15, 2021 · 1031a28 · 1031a28
1 parent a72676e
commit 1031a28
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 17 deletions.
diff --git a/Makefile b/Makefile
@@ -7,7 +7,9 @@ rootfs.tar.gz: rootfs.tar
 	gzip -f -k rootfs.tar
 
 rootfs.tar:
-	docker export $(shell docker create quay.io/sysdig/secure-inline-scan:2) -o rootfs.tar
+	$(eval CONTAINER_ID := $(shell docker create quay.io/sysdig/secure-inline-scan:2))
+	docker export $(CONTAINER_ID) -o rootfs.tar
+	docker rm $(CONTAINER_ID)
 	mkdir rootfs
 	tar -C rootfs -xvf rootfs.tar
 	chmod -R u+rw rootfs/*
@@ -23,4 +25,4 @@ build: rootfs.tar.gz main.go
 #	docker run --rm -v $(shell pwd):/go/src/app -w /go/src/app golang:1.17-stretch sh -c "objdump -T ctrwrap | grep GLIBC_"
 
 build-local: main.go
-	CGO_ENABLED=$(CGO_ENABLED)  go build ${GO_LDFLAGS_STATIC} -o ctrwrap main.go
+	CGO_ENABLED=$(CGO_ENABLED) go build ${GO_LDFLAGS_STATIC} -o ctrwrap main.go
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ make
 
 Root filesytem can be created with:
 ```
-docker export (docker create secure-inline-scan:2) -o rootfs.tar
+docker export (docker create quay.io/sysdig/secure-inline-scan:2) -o rootfs.tar
 ```
 and then compressed with gzip
 

diff --git a/main.go b/main.go
@@ -27,12 +27,6 @@ var rootfs []byte
 //go:embed "config.json"
 var configjson []byte
 
-//TODO: Rootless
-
-//TODO: Random tmp folder
-const rootFsTmp = "/tmp/rootfs"
-const stateTmp = "/tmp/container"
-
 func init() {
 	if len(os.Args) > 1 && os.Args[1] == "init" {
 		runtime.GOMAXPROCS(1)
@@ -47,20 +41,29 @@ func init() {
 
 func main() {
 
-	logrus.Infof("Extracting...\n")
+	rootFsTmp, err := ioutil.TempDir("", "rootfs")
+	if err != nil {
+		logrus.Error(err)
+		return
+	}
+
+	logrus.Infof("Extracting to %s...", rootFsTmp)
 
-	// Make the rootfs directory.
-	if err := os.MkdirAll(rootFsTmp, 0755); err != nil {
+	stateTmp, err := ioutil.TempDir("", "containerstate")
+	if err != nil {
 		logrus.Error(err)
 		return
 	}
 
 	defer func() {
-		logrus.Infof("Removing extracted files...\n")
+		logrus.Infof("Removing extracted files from %s...", rootFsTmp)
 		// Remove the rootfs after the container has exited.
 		if err := os.RemoveAll(rootFsTmp); err != nil {
 			logrus.Warnf("removing rootfs failed: %v", err)
 		}
+		if err := os.RemoveAll(stateTmp); err != nil {
+			logrus.Warnf("removing container state failed: %v", err)
+		}
 	}()
 
 	// Unpack the tarball.
@@ -70,7 +73,7 @@ func main() {
 		return
 	}
 
-	logrus.Infof("Copying resolv.conf...\n")
+	logrus.Infof("Copying resolv.conf...")
 	resolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
 	if err != nil {
 		logrus.Error(err)
@@ -83,7 +86,7 @@ func main() {
 		return
 	}
 
-	logrus.Infof("Executing...\n")
+	logrus.Infof("Executing...")
 	factory, err := libcontainer.New(stateTmp, libcontainer.Cgroupfs, libcontainer.InitArgs(os.Args[0], "init"))
 	if err != nil {
 		logrus.Error(err)
@@ -103,7 +106,7 @@ func main() {
 		return
 	}
 
-	logrus.Infof("Current user: %+v\n", u)
+	logrus.Infof("Current user: %+v", u)
 
 	var processConfig struct {
 		Process struct {
@@ -309,7 +312,7 @@ func main() {
 	}
 
 	args := append(processConfig.Process.Args, os.Args[1:]...)
-	logrus.Infof("Args: %v\n", args)
+	logrus.Infof("Args: %v", args)
 
 	process := &libcontainer.Process{
 		Args:   args,