Running host programs in isolation inside one-off Docker containers

February 17, 2017

I am quite bad at remembering how to launch docker to have everything set up correctly. Hence the following - a script that launches any commandline specified in its arguments inside a new docker container. Current directory is mounted inside the container automatically, so the thing you are executing can have its local dependencies satisfied.

#!/bin/bash
USERNAME=`whoami`
MOUNT_PATH="/mnt"
CURRENT_DIRECTORY=`pwd -P` # untangle symbolic links if needed - SELinux needs the real path
IMAGE="debian:jessie"

if [[ -z $1 ]]; then
    echo "usage: `basename $0` command_to_run_inside_a_container"
    exit 1
fi

RESOLVED_ARGUMENTS="$@"
docker run -i -t -v "$CURRENT_DIRECTORY":"$MOUNT_PATH":Z $IMAGE bash -c "useradd -M -d '$MOUNT_PATH' $USERNAME && cd '$MOUNT_PATH' && bash -c '$RESOLVED_ARGUMENTS'"

# restore SELinux context for the current directory
restorecon_path=`which restorecon`
if [[ -x "$restorecon_path" ]]; then
    restorecon -R "$CURRENT_DIRECTORY"
fi

I use vanilla Debian Jessie as a run platform there, mostly because this is what most of my servers run. The script covers setting up SELinux and mounting the directory from which it is run as /mnt inside the container while also having the default non-root user added.

Run Jessie, run !

https://blog.cyplo.dev/feed.xml