unshare-run.hs
 1  {-# LANGUAGE OverloadedStrings #-}
 2  
 3  {- |
 4  Run an OCI container image in a bubblewrap namespace.
 5  
 6  Usage: oci-run IMAGE [COMMAND...]
 7  
 8  Example: oci-run alpine:latest /bin/sh
 9  
10  Images are cached in ~/.cache/straylight-oci/ for fast subsequent runs.
11  This is the non-GPU version - see oci-gpu for GPU passthrough.
12  -}
13  module Main where
14  
15  import Aleph.Script hiding (FilePath)
16  import qualified Aleph.Script.Oci as Oci
17  import qualified Aleph.Script.Tools.Bwrap as Bwrap
18  import qualified Data.List as L
19  import System.Environment (getArgs)
20  
-- | Entry point. With no arguments, print the usage text to stderr and exit
-- with status 1. Otherwise the first argument is the image reference and any
-- remaining arguments are the command to run inside the sandbox.
main :: IO ()
main = do
    argv <- getArgs
    dispatch argv
  where
    -- The two patterns are disjoint, so their order does not matter.
    dispatch (image : cmdArgs) = script (runImage image cmdArgs)
    dispatch [] = script usage

    -- Usage text goes to stderr, followed by a non-zero exit.
    usage = do
        echoErr "Usage: oci-run IMAGE [COMMAND...]"
        echoErr ""
        echoErr "Run an OCI container image in a namespace."
        echoErr ""
        echoErr "Examples:"
        echoErr "  oci-run alpine:latest /bin/sh"
        echoErr "  oci-run ubuntu:22.04 bash"
        echoErr "  oci-run nvcr.io/nvidia/pytorch:24.01-py3"
        echoErr ""
        echoErr "Images are cached in ~/.cache/straylight-oci/"
        exit 1

    runImage image cmdArgs = do
        -- The image reference comes straight from argv and is handed to
        -- Oci.pullOrCache as-is; nothing in this file validates it.
        -- NOTE(review): whether pullOrCache verifies digests/signatures or
        -- re-checks a cached rootfs is not visible here - confirm in
        -- Aleph.Script.Oci before relying on tag-only references.
        rootfs <- Oci.pullOrCache Oci.defaultConfig (pack image)

        -- The isolation boundary is whatever Oci.baseSandbox configures.
        -- NOTE(review): which namespaces, mounts and network access it
        -- grants cannot be told from this file - confirm.
        let sandbox = Oci.baseSandbox rootfs

        echoErr ":: Entering namespace"
        Bwrap.exec sandbox (command cmdArgs)

    -- Fall back to /bin/bash when the caller gave no command.
    command given = if L.null given then ["/bin/bash"] else map pack given