From 5798f15cea03312e5e917462db30b6570154bf09 Mon Sep 17 00:00:00 2001
From: Florian Fischer <florian.fischer@muhq.space>
Date: Thu, 22 Jul 2021 10:31:48 +0200
Subject: [PATCH] add docker tooling

Usage: run "docker.sh <your command>" to execute <your command> in the
Docker image extracted from .gitlab-ci.yml in the EMPER root directory.

NOTE: seccomp filtering is disabled for now since io_uring_* syscalls
are not working everywhere as expected.
---
 docker.sh            | 16 ++++++++++++++++
 tools/docker-prepare | 13 +++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100755 docker.sh
 create mode 100755 tools/docker-prepare

diff --git a/docker.sh b/docker.sh
new file mode 100755
index 00000000..d45d1150
--- /dev/null
+++ b/docker.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# The directory of this script is also EMPER's root directory.
+EMPER_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+IMAGE=$(sed --regexp-extended --quiet 's;^image: "([^"]*)"$;\1;p' "${EMPER_ROOT}/.gitlab-ci.yml")
+
+docker run \
+	   --volume="${EMPER_ROOT}:${EMPER_ROOT}" \
+	   --interactive \
+	   --tty \
+	   --env USER_ID="${UID}" \
+	   --env GROUP_ID="$(id -g ${USER})" \
+	   --security-opt=seccomp:unconfined \
+	   "${IMAGE}" \
+	   "${EMPER_ROOT}/tools/docker-prepare" "${EMPER_ROOT}" $@
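Review bot: The trailing `$@` on the last line of the `docker run` call is unquoted, so arguments containing spaces or glob characters are re-split on the host before they reach the container; write `"$@"` there. `IMAGE` is also used without checking that the sed expression matched, so a `.gitlab-ci.yml` without a double-quoted `image:` line at the start of a line leaves it empty and `docker run` is handed an empty image name; add `[[ -n "${IMAGE}" ]] || { echo "no image found in .gitlab-ci.yml" >&2; exit 1; }` after the assignment. `--security-opt=seccomp:unconfined` removes the whole syscall filter rather than only the io_uring restriction, and the reason is recorded only in the commit message. I would add `# seccomp disabled: io_uring_* syscalls do not work everywhere; TODO narrow to a custom profile` above that line so the relaxation is visible and revisited.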
diff --git a/tools/docker-prepare b/tools/docker-prepare
new file mode 100755
index 00000000..ed3b4c4b
--- /dev/null
+++ b/tools/docker-prepare
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+useradd -u "${USER_ID}" -o -m user
+groupmod -g "${GROUP_ID}" user
+
+OUTSIDE_EMPER_ROOT="${1}"
+shift
+
+cd "${OUTSIDE_EMPER_ROOT}"
+
+# shellcheck disable=SC2068
+exec sudo -u user $@
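Review bot: The last line silences SC2068 instead of fixing it: `exec sudo -u user $@` word-splits and glob-expands every argument inside the container, so a command argument containing spaces or `*` arrives changed. `exec sudo -u user -- "$@"` keeps the arguments intact and lets the `# shellcheck disable=SC2068` line go. Because `useradd` is called with `-o`, running docker.sh as root on the host (USER_ID=0) creates `user` as a second UID-0 account, so `sudo -u user` no longer drops privileges; if that is not intended, a guard such as `(( USER_ID != 0 )) || { echo "refusing to map UID 0" >&2; exit 1; }` before `useradd` makes it explicit. `groupmod -g` is called without `-o`, so it presumably fails under `set -e` when the host GID already exists in the image.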
-- 
GitLab