Got dual-mount of the noop/real filesystems working, made all apps aware of it, broke out the initialization logic into disco-fs-init so you can mount/unmount as much as you want, but the time consuming init process won't be repeated unless you ask

client/bin/disco-fs-mount

@@ -1,7 +1,12 @@
 #!/bin/bash
 
 DISCOCFG=/etc/disco
-DISCOROOT=/var/disco/testfs
+if [ "$NOOP" != "" ]; then
+    DISCOROOT=/var/disco/testfs/noop
+else
+    DISCOROOT=/var/disco/testfs/real
+fi
+
 
 mount | grep $DISCOROOT >/dev/null 2>&1
 if [ $? -eq 0 ]; then
@@ -9,78 +14,36 @@ if [ $? -eq 0 ]; then
     exit 1
 fi
 
-# Cleanup old junk
-rm -rf ${DISCOROOT}/scratchfs
-rm -rf ${DISCOROOT}/restricted/*
-rm -rf ${DISCOROOT}/munge/*
-
-# Prepare all the mountpoint directories
-mkdir -p ${DISCOROOT}/chroot
-#mkdir -p ${DISCOROOT}/proc/proc
-#mkdir -p ${DISCOROOT}/sysfs/sys
-mkdir -p ${DISCOROOT}/rootfs
-mkdir -p ${DISCOROOT}/scratchfs
-mkdir -p ${DISCOROOT}/munge
-mkdir -p ${DISCOROOT}/dev/dev
-mkdir -p ${DISCOROOT}/restricted/bin
-
-# Setup all the commands for the bash restricted execution environment
-
-mkdir -p ${DISCOCFG}/restricted.d
-for file in $(cat ${DISCOCFG}/restricted.d/* 2>/dev/null | grep -v "^#")
-do
-    if [ ! -e ${DISCOROOT}/restricted/bin/$(basename $file) ]; then
-	ln -s $file ${DISCOROOT}/restricted/bin/$(basename $file)
-    fi
-done
-
-# Setup some more restricted execution stuff, but only if we actually have $NOOP
-
-if [ "$NOOP" != "" ]; then
-    # Munge up /etc/profile
-    mkdir -p ${DISCOROOT}/munge/etc
-    cp /etc/profile ${DISCOROOT}/munge/etc/profile
-    echo "export PATH=${DISCOROOT}/restricted/bin" >> ${DISCOROOT}/munge/etc/profile
-
-    # Make default wrapper
-    echo -e "#!/bin/bash\necho \"info: Would execute : \$(basename \$0) \$@\"" > ${DISCOROOT}/restricted/bin/_disco_restricted_cmd
-    chmod +x ${DISCOROOT}/restricted/bin/_disco_restricted_cmd
-
-    # Now link everything to the default wrapper
-    for dir in $(echo $PATH | sed s/":"/" "/g)
-    do
-	for file in ${dir}/*
-	do
-	    FNAME=$(basename $file)
-	    if [ "$FNAME" != "bash" ] && [ -x $file ] && [ ! -x ${DISCOROOT}/restricted/bin/$FNAME ] ; then
-		ln -s ${DISCOROOT}/restricted/bin/_disco_restricted_cmd ${DISCOROOT}/restricted/bin/${FNAME}
-	    fi
-	done
-    done
+if [ $(cat ${DISCOROOT}/inited || echo 0) -ne 1 ]; then
+    echo "disco chroot is not initialized, cannot be mounted. Please exec disco-fs-init and try again."
+    exit 1
 fi
 
-# We need SOME special files in /dev like /dev/null, so make them here
-
-mknod ${DISCOROOT}/dev/dev/null c 1 3
-chmod 666 ${DISCOROOT}/dev/dev/null
-
 # Mount all the (real filesystem) layers individually
 
 mount --bind -o ro / ${DISCOROOT}/rootfs 2>&1 | grep -v "seems to be mounted read-write"
 mount -o remount,ro ${DISCOROOT}/rootfs
 
 # Setup filesystem layers. The read/write ones go on the top, with scratchfs ALWAYS on top.
+# We even need the scratchfs in non-noop mode so we can generate the diff output, then rsync
+# everything back onto the real filesystem.
 FSLAYERS="${DISCOROOT}/scratchfs=rw"
-FSLAYERS="${FSLAYERS}:${DISCOROOT}/munge=ro"
+if [ "$NOOP" != "" ]; then
+    FSLAYERS="${FSLAYERS}:${DISCOROOT}/restricted=ro"
+    FSLAYERS="${FSLAYERS}:${DISCOROOT}/munge=ro"
+fi
 FSLAYERS="${FSLAYERS}:${DISCOROOT}/dev=rw"
-#FSLAYERS="${FSLAYERS}:${DISCOROOT}/proc=ro"
-#FSLAYERS="${FSLAYERS}:${DISCOROOT}/sysfs=ro"
 FSLAYERS="${FSLAYERS}:${DISCOROOT}/rootfs=ro"
 
 # Union
 unionfs -o cow,dev,dirs=$FSLAYERS ${DISCOROOT}/chroot
 
 # Duplicate /proc and /sys if they already exist
+# We have to do this here instead of layering them in the unionfs
+# (or just letting unionfs duplicate them entirely) because there is
+# some kind of checking that goes on in certain apps (like ps), that makes them
+# think /proc is not mounted when it actually is, if we don't do this.
+
 mount | grep " on /proc" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
     mount -t proc -o ro none ${DISCOROOT}/chroot/proc
@@ -90,4 +53,4 @@ if [ $? -eq 0 ]; then
     mount -t sysfs -o ro none ${DISCOROOT}/chroot/sys
 fi
 
-exit 0
+exit 0