#!/usr/bin/env bash
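# --- Defaults -----------------------------------------------------------------
# Every value below can be overridden by a command-line option parsed later in
# this script.

# Directory holding this script. All expansions are quoted so that a path
# containing spaces or glob characters is not split or expanded.
# NOTE(review): SCRIPT_PATH is only assigned in this file (here and by
# --munix-bin-dir); confirm whether anything still reads it.
SCRIPT_PATH=$(dirname -- "$(realpath -s -- "$0")")

# Directories of the muvm and passt binaries, found through PATH. They are
# bind-mounted into the sandbox, so whichever binary comes first in PATH is
# the one that runs there; use --muvm-bin-dir / --passt-bin-dir to pin them.
# Left empty when the tool is not on PATH.
MUVM_PATH=$(bin=$(command -v muvm) && dirname -- "$bin")
PASST_PATH=$(bin=$(command -v passt) && dirname -- "$bin")

HOST_OPENGL_DRIVER=/run/opengl-driver

# System closure to boot (first positional argument) and the command to run
# in the guest (remaining positional arguments).
MICROVM_CLOSURE=
MICROVM_COMMAND=()

# uid/gid handed to bwrap and written into the generated passwd/group files.
MICROVM_UID=1337
MICROVM_GID=1337

# Extra arguments accumulated for bwrap and muvm.
BWRAP_ARGS=()
MUVM_ARGS=()

# Feature toggles (1 = enabled). X11 is the only one that is off by default.
GPU=1
WAYLAND=1
PIPEWIRE=1
X11=0

# Fixed temp directories and locale for everything started from here.
export TMP=/tmp TMPDIR=/tmp TEMP=/tmp TEMPDIR=/tmp LC_ALL=C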
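# --- Command-line parsing -----------------------------------------------------

# Abort unless option $1 is followed by at least $2 values.
#   $1 - option name (for the message)
#   $2 - number of values the option consumes
#   $3 - number of arguments left, the option itself included
# Without this check a trailing option made `shift N` fail without consuming
# anything, so the parsing loop never terminated.
munix_need_values() {
  if [ "$3" -le "$2" ]; then
    echo "munix: option $1 requires $2 argument(s)" >&2
    exit 1
  fi
}

# Abort unless $2 (the value given to option $1) is a non-negative integer.
# The uid and gid are later passed to bwrap and written into the generated
# /etc/passwd and /etc/group, so anything but digits is rejected here.
munix_need_numeric_id() {
  case "$2" in
    ''|*[!0-9]*)
      echo "munix: option $1 expects a numeric id, got '$2'" >&2
      exit 1;;
  esac
}

while [ "$#" -gt 0 ]; do
  case "$1" in
    -u|--uid)
      munix_need_values "$1" 1 "$#"
      munix_need_numeric_id "$1" "$2"
      MICROVM_UID="$2"; shift 2;;
    -g|--gid)
      munix_need_values "$1" 1 "$#"
      munix_need_numeric_id "$1" "$2"
      MICROVM_GID="$2"; shift 2;;
    --no-gpu) GPU=0; shift 1;;
    --no-wayland) WAYLAND=0; shift 1;;
    --no-pipewire) PIPEWIRE=0; shift 1;;
    --x11) X11=1; shift 1;;
    # --bind/--ro-bind take a host path and a path inside the sandbox;
    # --expose/--ro-expose mount one path at the same location. The
    # non-"ro" variants give the sandbox write access to the host path.
    --bind)
      munix_need_values "$1" 2 "$#"
      BWRAP_ARGS+=("--bind" "$2" "$3"); shift 3;;
    --ro-bind)
      munix_need_values "$1" 2 "$#"
      BWRAP_ARGS+=("--ro-bind" "$2" "$3"); shift 3;;
    --expose)
      munix_need_values "$1" 1 "$#"
      BWRAP_ARGS+=("--bind" "$2" "$2"); shift 2;;
    --ro-expose)
      munix_need_values "$1" 1 "$#"
      BWRAP_ARGS+=("--ro-bind" "$2" "$2"); shift 2;;
    --host-opengl-driver)
      munix_need_values "$1" 1 "$#"
      HOST_OPENGL_DRIVER="$2"; shift 2;;
    --munix-bin-dir)
      munix_need_values "$1" 1 "$#"
      SCRIPT_PATH="$2"; shift 2;;
    --muvm-bin-dir)
      munix_need_values "$1" 1 "$#"
      MUVM_PATH="$2"; shift 2;;
    --passt-bin-dir)
      munix_need_values "$1" 1 "$#"
      PASST_PATH="$2"; shift 2;;
    # Everything after "--" belongs to the guest command, verbatim.
    --) shift 1; MICROVM_COMMAND+=("$@"); break;;
    -*) echo "munix: unknown option: $1" >&2; exit 1;;
    *)
      # The first positional argument is the system closure; every later
      # one is part of the guest command.
      if [ "$MICROVM_CLOSURE" = "" ]; then
        MICROVM_CLOSURE="$1"
      else
        MICROVM_COMMAND+=("$1")
      fi
      shift 1;;
  esac
done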
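# --- Closure and guest command ------------------------------------------------

# The system closure is mandatory.
if [ "$MICROVM_CLOSURE" = "" ]; then
  echo "munix: provide a system closure path as a positional argument" >&2
  exit 1
fi

# Resolve symlinks automatically. A failed resolution must stop the script:
# otherwise MICROVM_CLOSURE would become empty and the paths derived from it
# further down ("$MICROVM_CLOSURE/sw/bin", ".../sw/sbin/init",
# ".../etc/systemd") would silently point at the root of the filesystem.
if ! resolved_closure=$(realpath -- "$MICROVM_CLOSURE"); then
  echo "munix: cannot resolve system closure path '$MICROVM_CLOSURE'" >&2
  exit 1
fi
MICROVM_CLOSURE=$resolved_closure

# Without an explicit guest command, start an interactive shell.
if [ "${#MICROVM_COMMAND[@]}" -eq 0 ]; then
  MICROVM_COMMAND=("bash")
fi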
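# --- GPU ----------------------------------------------------------------------

# Succeeds when the kernel release string $1 (as printed by `uname -r`) is
# newer than 6.12, i.e. 6.13 or later.
# The string is split with `read` rather than by unquoted expansion, and each
# component is cut at its first non-digit, so no word splitting, globbing or
# arithmetic evaluation is ever applied to the raw text.
munix_kernel_has_gpu_support() {
  local major minor _
  IFS=. read -r major minor _ <<<"$1"
  major=${major%%[!0-9]*}
  minor=${minor%%[!0-9]*}
  # 10# forces base 10 so a component with a leading zero is not read as octal.
  (( 10#${major:-0} > 6 || (10#${major:-0} == 6 && 10#${minor:-0} > 12) ))
}

if [ "$GPU" -eq 1 ]; then
  # The host's DRM device nodes are passed through as devices; the host
  # OpenGL driver directory is mounted read-only.
  BWRAP_ARGS+=(
    "--dev-bind" "/dev/dri" "/dev/dri"
    "--ro-bind" "$HOST_OPENGL_DRIVER" "/run/opengl-driver"
  )
  # venus is the default; the first card with a listed driver switches to drm.
  GPU_MODE=venus
  kernel_ver="$(uname -r)"
  if munix_kernel_has_gpu_support "$kernel_ver"; then
    for card in /dev/dri/card*; do
      # An unmatched glob stays literal; skip it instead of reporting a
      # card named "card*".
      [ -e "$card" ] || continue
      driver_link="/sys/class/drm/${card##*/}/device/driver"
      if [ -L "$driver_link" ]; then
        driver_mod="$(readlink "$driver_link")"
        driver_name="${driver_mod##*/}"
        case "$driver_name" in
          amdgpu|msm) # TODO: i915
            echo "munix: ${card##*/} gpu driver is '$driver_name', using vdrm" >&2
            GPU_MODE=drm
            break;; # leaves the for loop: one matching card is enough
          *) echo "munix: ${card##*/} gpu driver is '$driver_name', using venus unless more gpus are found" >&2;;
        esac
      else
        echo "munix: ${card##*/} has no gpu driver" >&2
      fi
    done
  else
    echo "munix: kernel version '$kernel_ver' is older than 6.13, not using gpu due to missing support" >&2
    GPU_MODE=software
  fi
  MUVM_ARGS+=("--gpu-mode=$GPU_MODE")
else
  # GPU disabled: create an empty /dev/dri in the sandbox and render in
  # software.
  BWRAP_ARGS+=("--dir" "/dev/dri")
  MUVM_ARGS+=("--gpu-mode=software")
fi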
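# --- Wayland ------------------------------------------------------------------

# Succeeds when $1 is a plain socket file name: non-empty, not "." or "..",
# and without any '/'.
munix_is_plain_socket_name() {
  case "$1" in
    ''|.|..|*/*) return 1;;
  esac
  return 0
}

if [ "$WAYLAND" -eq 1 ]; then
  if [ "$XDG_RUNTIME_DIR" = "" ]; then
    echo "munix: wayland requested, but no XDG_RUNTIME_DIR set" >&2
    exit 1
  fi
  # The bind below is built as "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY". With an
  # empty WAYLAND_DISPLAY that is the whole runtime directory, mounted
  # read-write, and with it every other socket stored there; a value with
  # '/' or ".." would point outside the directory. Only a plain socket name
  # is accepted.
  if ! munix_is_plain_socket_name "$WAYLAND_DISPLAY"; then
    echo "munix: wayland requested, but WAYLAND_DISPLAY ('$WAYLAND_DISPLAY') is not a socket name inside XDG_RUNTIME_DIR" >&2
    exit 1
  fi
  BWRAP_ARGS+=(
    "--bind" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
    "--setenv" "WAYLAND_DISPLAY" "$WAYLAND_DISPLAY"
  )
  MUVM_ARGS+=("-e" "WAYLAND_DISPLAY=wayland-1") # the proxy is managed by us, not muvm
fi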
# --- PipeWire -----------------------------------------------------------------
# Unless --no-pipewire was given, the host's PipeWire socket is mounted
# read-write into the sandbox at the same path.
# NOTE(review): PIPEWIRE_REMOTE is taken from the environment and joined to
# the runtime directory without checking that it is a plain file name.
if test "$PIPEWIRE" -eq 1; then
  # Directory lookup order: PIPEWIRE_RUNTIME_DIR, XDG_RUNTIME_DIR, USERPROFILE.
  : "${PIPEWIRE_RUNTIME_DIR:=${XDG_RUNTIME_DIR:-$USERPROFILE}}"
  if test -z "$PIPEWIRE_RUNTIME_DIR"; then
    echo "munix: pipewire requested, but no PIPEWIRE_RUNTIME_DIR/XDG_RUNTIME_DIR/USERPROFILE set" >&2
    exit 1
  fi
  # Socket name defaults to pipewire-0.
  : "${PIPEWIRE_REMOTE:=pipewire-0}"
  pipewire_socket="$PIPEWIRE_RUNTIME_DIR/$PIPEWIRE_REMOTE"
  BWRAP_ARGS+=("--bind" "$pipewire_socket" "$pipewire_socket")
fi
# --- X11 ----------------------------------------------------------------------
# X11 is opt-in (--x11). Without it, DISPLAY and XAUTHORITY are dropped from
# the environment so they are not passed on to bwrap and muvm.
# With it, the host's X11 socket directory is mounted read-write and the
# Xauthority file read-only, which lets the sandbox talk to the host X server.
# NOTE(review): XAUTHORITY is not checked; when it is unset or empty, empty
# paths are handed to bwrap.
if ! [ "$X11" -eq 1 ]; then
  unset DISPLAY XAUTHORITY
else
  BWRAP_ARGS+=("--bind" "/tmp/.X11-unix" "/tmp/.X11-unix")
  BWRAP_ARGS+=("--ro-bind" "$XAUTHORITY" "$XAUTHORITY")
fi
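# --- Launch -------------------------------------------------------------------
# Replace this process with bwrap, which in turn starts muvm.
#
# What the sandbox gets, as far as the flags below show:
#   * --unshare-all with --share-net: all namespaces are unshared except the
#     network namespace, which stays shared with the host.
#   * An empty tmpfs root with fresh /proc and /dev; the host's /sys,
#     /nix/store and /run/systemd/resolve read-only; /dev/kvm as a device.
#     The whole host /nix/store is readable inside the sandbox.
#   * The muvm and passt directories read-only under /run/munix, and
#     muvm-guest under three names in /opt/bin.
#   * /etc/passwd, /etc/group and /etc/resolv.conf copied in from file
#     descriptors 11, 12 and 13, which are opened at the end of the command.
#   * Whatever BWRAP_ARGS accumulated above (GPU, Wayland, PipeWire, X11 and
#     the user's --bind/--expose options).
# NOTE(review): XDG_RUNTIME_DIR is used for --dir without a check here; it is
# only verified earlier when Wayland is enabled.

# The uid and gid go to bwrap and into the passwd/group lines generated
# below, so they must be plain numbers: no whitespace, colons or newlines.
for munix_id in "$MICROVM_UID" "$MICROVM_GID"; do
  case "$munix_id" in
    ''|*[!0-9]*)
      echo "munix: uid and gid must be non-negative integers, got '$munix_id'" >&2
      exit 1;;
  esac
done

exec bwrap --unshare-all --share-net \
  --uid "$MICROVM_UID" --gid "$MICROVM_GID" \
  --tmpfs / \
  --dir /run --dir /var --symlink /run /var/run --dir /tmp \
  --proc /proc --ro-bind /sys /sys \
  --dev /dev --dir /dev/input --dev-bind /dev/kvm /dev/kvm \
  --ro-bind "$MUVM_PATH" /run/munix/muvm \
  --ro-bind "$PASST_PATH" /run/munix/passt \
  --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-remote \
  --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-configure-network \
  --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-pwbridge \
  --symlink "$MICROVM_CLOSURE/etc/systemd" /etc/systemd \
  --ro-bind /nix/store /nix/store \
  --ro-bind /run/systemd/resolve /run/systemd/resolve \
  --file 11 /etc/passwd \
  --file 12 /etc/group \
  --file 13 /etc/resolv.conf \
  --dir "$XDG_RUNTIME_DIR" \
  --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
  "${BWRAP_ARGS[@]}" \
  muvm \
  --custom-init-cmdline "$MICROVM_CLOSURE/sw/sbin/init --log-target=console" \
  "${MUVM_ARGS[@]}" \
  -e container=munix \
  -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
  -e MICROVM_UID="$MICROVM_UID" -e MICROVM_GID="$MICROVM_GID" \
  -i -t "${MICROVM_COMMAND[@]}" \
  11< <(cat <<EOF
munix:x:$MICROVM_UID:$MICROVM_GID:Hypervisor:/:/run/current-system/sw/bin/nologin
nobody:x:65534:65534:Unprivileged account:/var/empty:/run/current-system/sw/bin/nologin
EOF
) \
  12< <(cat <<EOF
munix:x:$MICROVM_GID:
nogroup:x:65534:
EOF
) \
  13< /etc/resolv.conf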
# --log-level=debug