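#!/bin/bash
# Entrypoint for the vulnerable-nginx lab container: resets the marker
# directory, starts the proxy backend, then replaces this shell with nginx
# running with ASLR disabled. The marker directory is the success oracle for
# the PoC, so its starting state must be provably empty.
set -e
cd /app

# Fresh-on-boot: clear any marker artifacts so nothing is pre-planted. The
# attacker's executed command is the only thing that can create a file here.
# `find -mindepth 1 -delete` is used instead of `rm -rf /app/marker/*` because
# the `*` glob skips dotfiles: a hidden file left over from an earlier run (or
# baked into the image) would survive the reset and could be mistaken for
# proof of code execution. Cleanup stays best-effort so that a failure here
# does not stop the container from booting.
find /app/marker -mindepth 1 -delete 2>/dev/null || true
# 1777 = world-writable plus sticky bit: any user may create files in the
# directory, but only a file's owner (or root) may remove or rename it.
chmod 1777 /app/marker

# Start the local proxy backend that /internal and /spray proxy to.
# It is launched in the background, so `set -e` does not catch a startup
# failure; check /app/logs/backend.log if the proxied locations return errors.
# It is started before `setarch`, so the backend keeps normal address
# randomization.
python3 backend.py >/app/logs/backend.log 2>&1 &

# Launch nginx with ASLR disabled via `setarch -R`, giving the deterministic
# heap/libc addresses the PoC hardcodes. exec so nginx is PID 1 (clean signals).
# Lab-only setting: the no-randomize personality flag is inherited across
# fork/exec, so every nginx worker process runs without ASLR as well.
exec setarch x86_64 -R /nginx-src/build/nginx -p /app -c /app/nginx.conf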
