blob: f0d0fa1e95f4ac415ca7cb451c52d92160482d4f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#!/bin/bash
set -euo pipefail
filesdir="$(dirname "$0")"
cd "$filesdir"
ghcup_base=$(ghcup whereis basedir)
chroot="${filesdir}/ubuntu-base"
args=(
--tmpfs /tmp
--ro-bind "${chroot}/bin" /bin
--ro-bind "${chroot}/usr/bin" /usr/bin
--ro-bind "${chroot}/usr/lib" /usr/lib
--ro-bind "${chroot}/usr/include" /usr/include
--ro-bind "${chroot}/lib" /lib
--ro-bind "${chroot}/lib64" /lib64
--dir "${ghcup_base}"
--ro-bind "${ghcup_base}/bin" "${ghcup_base}/bin"
--ro-bind "${ghcup_base}/ghc" "${ghcup_base}/ghc"
--ro-bind "${ghcup_base}/cache" "${ghcup_base}/cache"
--ro-bind "${filesdir}/workdir" /workdir
--setenv PATH "/bin:/usr/bin:${ghcup_base}/bin"
--setenv GHCUP_INSTALL_BASE_PREFIX "$(dirname ${ghcup_base})"
--proc /proc
--chdir "/tmp"
--new-session
--unshare-all
--die-with-parent
/bin/bash "/workdir/entry.sh"
)
# Turn off core files
ulimit -c 0
# Limit on the number of processes
ulimit -u 10000
# Limit memory to 500 MiB.
ulimit -d $(( 500 * 1024 ))
exec bwrap "${args[@]}"
|
