simple-ish iron-chroot script
Recently, I've been using @mikewalsh 's chrooted-iron (see thread) as a demonstration for my psandbox scripts and while I like the flexibility of the tools I'm working on with my psandbox project, I wanted a script that was simpler and faster (see post).
Speed obviously enhances the user experience and simplicity makes others more likely to modify the script for their own needs or the very least understand how it works. So to create a simplified script I started with the version provided in @mikewalsh 's chrooted-iron but modified it so that I only had to mount a specific folder within the sfs as part of a layered file system.
The advantage of this is so the root of the sfs file can be its own independent system and some subfolder of the sfs root can be mounted for application specific purposes (e.g. a chrooted or portable browser). Space is saved within the sfs file by using hardlinks (see post).
My original idea was to create a folder which would be the bottom layer of the puppy layered file system. However, this approach didn't work (see code) because binds in lower layers don't propagate up to uper layers. So without too many modifications, I created a new layered file system on /cont, which had a specific folder from the chrooted-iron sfs as the bottom layer and tmpfs as the top layer. The complete code can be found at:
The code may still have an issue to work out. When I tested it after exiting iron, it didn't run the function to unmount /cont. I'll try again later and verify that this is an issue.
Another advantage of making a simplified script to do this is it is a better starting point to try to merge in some higher security techniques as rufwoof mentioned in the following thread: