#!/bin/sh
# Boot-time setup for the inner "host" running vulnerable runc.
# Establishes the clean baseline the criterion requires on EVERY boot.
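set -eu

# 1. World-writable shared-volume backing store (the race surface).
#    An unprivileged container-side attacker controls its contents and may
#    swap symlinks here. It is a legitimately-writable area; inodes created
#    here do NOT count as exploit success.
#    Mode 0777 carries no sticky bit, so any user may also rename or delete
#    entries created by others.
#    NOTE(review): the contents are not reset by this script; if the store
#    persists across boots, leftovers from a previous run remain. Confirm
#    that is intended.
SHARE_BACKING=/srv/share-backing
mkdir -p "${SHARE_BACKING}"
chmod 0777 "${SHARE_BACKING}"

# 2. Host target tree: lives OUTSIDE the shared-volume backing store and
#    outside any container rootfs. The exploit must make runc create an
#    inode under here. Clean baseline => the target leaf must be ABSENT.
HOST_TARGET_DIR=/host-target
mkdir -p "${HOST_TARGET_DIR}"
chmod 0755 "${HOST_TARGET_DIR}"
# Wipe any inode a previous run/exploit may have left, so each boot is clean.
# A shell glob ("dir/"*) skips dot-entries, so a stale hidden inode would
# survive the reset; find visits every direct child instead. The "/." start
# point with "! -name . -prune" is the POSIX way to act on direct children
# only, and rm -rf does not follow symlinks it is asked to remove.
# A reset that fails, or leaves anything behind, aborts the boot: a stale
# inode here would otherwise be indistinguishable from a successful exploit.
if ! find "${HOST_TARGET_DIR:?}/." ! -name . -prune -exec rm -rf -- {} + ||
  [ -n "$(ls -A "${HOST_TARGET_DIR}")" ]; then
  echo "[entrypoint] ERROR: could not reset ${HOST_TARGET_DIR}; baseline is not clean" >&2
  exit 1
fi

# 3. Make sure the share mount point inside the OCI rootfs exists.
#    NOTE(review): this only creates the directory; nothing here removes
#    leftovers from it. Confirm whether a wipe is expected.
mkdir -p /opt/oci-rootfs/share

# Log the installed runc build so a run can be tied to the version under test.
# A missing or failing runc does not stop the boot here: the substitution sits
# inside an echo argument, so set -e does not act on its exit status.
echo "[entrypoint] runc: $(/usr/local/sbin/runc --version | head -n1)"
echo "[entrypoint] shared-volume backing store (world-writable): ${SHARE_BACKING}"
echo "[entrypoint] host target dir (clean, exploit target lives here): ${HOST_TARGET_DIR}"
echo "[entrypoint] baseline ready; container is the inner host."

# Keep the inner host alive for the exploiter/verifier to drive via docker exec.
exec sleep infinity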
