in init/init.c [395:450]
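/*
 * Enclave init (PID 1).
 *
 * Blocks all signals, brings up /dev, the console and the Nitro Secure
 * Module driver, tells nitro-cli the enclave is up, reads the container's
 * environment and command line from /env and /cmd, moves /rootfs over /,
 * initialises the container's /dev, filesystems and cgroups, launches the
 * command and reaps children until that initial child exits, then reboots.
 *
 * Fatal setup errors go through die_on(), as the mount/chroot steps
 * already do; this function does not return normally.
 */
int main(void) {
    /* Block all signals in init. SIGCHLD will still cause wait() to return. */
    sigset_t set;
    sigfillset(&set);
    sigprocmask(SIG_BLOCK, &set, 0);

    /* Minimal dependencies to start a container: /dev and /dev/console
     * first so early failures can be reported. */
    init_dev();
    init_console();

    /* Insert the Nitro Secure Module driver. */
    init_nsm_driver();

    /* Signal nitro-cli that the enclave has started. */
    enclave_ready();

    /* Configuration handed over by nitro-cli. Both files are required:
     * read_config() and fclose() must never see a NULL stream, so a
     * missing file is fatal here rather than a crash further down. */
    FILE *env_file = fopen("/env", "r");
    die_on(env_file == NULL, "fopen /env");
    FILE *cmd_file = fopen("/cmd", "r");
    die_on(cmd_file == NULL, "fopen /cmd");

    /* env: array of "VAR1=string1", "VAR2=string2", ..., NULL-terminated. */
    char **env = read_config(env_file);
    /* cmd: array of "command", "param1", "param2", ..., NULL-terminated. */
    char **cmd = read_config(cmd_file);
    fclose(env_file);
    fclose(cmd_file);

    /* The config files are consumed; remove them from the initial root.
     * Best effort: the initial root is overmounted by /rootfs below. */
    unlink("/env");
    unlink("/cmd");

    /* Turn /rootfs into a mount point so it can be used with mount --move. */
    die_on(mount("/rootfs", "/rootfs", NULL, MS_BIND, NULL) != 0,
           "mount --bind /rootfs /rootfs");
    die_on(chdir("/rootfs") != 0, "chdir /rootfs");

    /* Make /rootfs the root of the mount namespace by moving it over /,
     * then chroot into it. */
    die_on(mount(".", "/", NULL, MS_MOVE, NULL) != 0, "mount --move . /");
    die_on(chroot(".") != 0, "chroot .");
    die_on(chdir("/") != 0, "chdir /");

    /* The container now has its own root; its /dev must be initialised too. */
    init_dev();
    init_fs(ops, sizeof(ops) / sizeof(ops[0]));
    init_cgroups();

    pid_t pid = launch(cmd, env);

    /* Reap until the initial child process dies, then reboot the enclave. */
    reap_until(pid);
    reboot(RB_AUTOBOOT);
}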