From 65b5eacaa500e702b982c6848e1ffc18094bc9a9 Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Fri, 9 Jun 2023 11:07:25 +0200 Subject: demo: with mknod and podman Splited common functions in web/common.sh and created new script for mknod demo. The demo uses the mount namespace of the caller. Additionally, this removes extra commented lines in demo/mknod.hjson. --- web/demo_mknod_podman.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100755 web/demo_mknod_podman.sh (limited to 'web/demo_mknod_podman.sh') diff --git a/web/demo_mknod_podman.sh b/web/demo_mknod_podman.sh new file mode 100755 index 0000000..3650e18 --- /dev/null +++ b/web/demo_mknod_podman.sh @@ -0,0 +1,72 @@ +#!/bin/sh -ef + + +SESSION=dmknod +VIDEO=seitan-mknod +PSEITAN=2 +PPODMAN=1 +source web/common.sh + +split_panes() { + tmux split-window -h + tmux send-keys -t $SESSION 'PS1="$ " && clear' ENTER +} + +SCRIPT_podman_no_seitan=' +sudo podman run -ti \ + --runtime /usr/bin/crun -u 1000 \ + --rm --cap-drop ALL \ + quay.io/fedora/fedora \ + mknod /dev/lol c 1 7 +## +' + +SCRIPT_cooker=' +clear +cat demo/mknod.hjson +### +clear +./seitan-cooker demo/mknod.hjson demo/mknod.gluten demo/mknod.bpf +### +clear +' + +SCRIPT_seitan=' +sudo ./seitan -s /tmp/seitan.sock -i demo/mknod.gluten +## +' + +SCRIPT_podman_seitan=" +sudo podman run -ti --runtime /usr/bin/crun -u 1000 --rm --cap-drop ALL \\ + --annotation run.oci.seccomp_bpf_data=\"$(base64 -w0 demo/mknod.bpf)\" \ + --annotation run.oci.seccomp.receiver=/tmp/seitan.sock \\ + quay.io/fedora/fedora \\ + sh -c 'mknod /dev/lol c 1 7 && ls /dev/lol' +## +" + +# Pre-pull image before starting the recording +sudo podman pull quay.io/fedora/fedora + +setup_common + +tmux send-keys -t $SESSION -l 'reset' +tmux send-keys -t $SESSION C-m +tmux rename-window -t $SESSION 'Seitan demo: run mknod in container' +sleep 10 + +asciinema rec --overwrite ${VIDEO}.cast -c 'tmux attach -t $SESSION' & +tmux refresh-client + +script podman_no_seitan +script cooker + +# Start seitan and podman +split_panes +tmux select-pane -t $PSEITAN +script seitan +tmux select-pane -t $PPODMAN +script podman_seitan + +teardown_common +gzip -fk9 ${VIDEO}.cast -- cgit v1.2.3