#!/usr/bin/with-contenv bash

## dind hack from https://github.com/moby/moby/blob/master/hack/dind
export container=docker
if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
    mount -t securityfs none /sys/kernel/security || {
        echo 'Could not mount /sys/kernel/security.'
        echo 'AppArmor detection and --privileged mode might break.'
    }
fi
# Mount /tmp (conditionally)
if ! mountpoint -q /tmp; then
    mount -t tmpfs none /tmp
fi
# cgroup v2: enable nesting
if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
    # move the init process (PID 1) from the root group to the /init group,
    # otherwise writing subtree_control fails with EBUSY.
    mkdir -p /sys/fs/cgroup/init
    echo 1 > /sys/fs/cgroup/init/cgroup.procs
    # enable controllers
    sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
        > /sys/fs/cgroup/cgroup.subtree_control
fi

exec 2>&1 /usr/local/bin/dockerd \
    --data-root "/config/var/lib/docker"