@@ -140,6 +140,43 @@ if ! grep -q "ForceCommand" /etc/ssh/sshd_config; then
140140 echo " ForceCommand /usr/local/bin/nsenter-dev.sh" >> /etc/ssh/sshd_config
141141fi
142142
143+ # When embedded SSH mode is enabled, copy okdev-sshd into the dev container
144+ # and start it there. The SSH server runs natively in the dev container's cgroup.
145+ OKDEV_SSH_MODE=" ${OKDEV_SSH_MODE:- sidecar} "
146+ if [ " $OKDEV_SSH_MODE " = " embedded" ]; then
147+ DEV_PID=" "
148+ tries=0
149+ while [ -z " $DEV_PID " ] && [ " $tries " -lt 60 ]; do
150+ for pid in $( ls /proc 2> /dev/null | grep -E ' ^[0-9]+$' | sort -n) ; do
151+ [ " $pid " = " 1" ] && continue
152+ [ " $pid " = " $$ " ] && continue
153+ [ -r " /proc/$pid /root" ] 2> /dev/null || continue
154+ if ! [ " /proc/$pid /root" -ef " /proc/self/root" ] 2> /dev/null; then
155+ if [ -d " /proc/$pid " ]; then
156+ DEV_PID=" $pid "
157+ break
158+ fi
159+ fi
160+ done
161+ if [ -z " $DEV_PID " ]; then
162+ sleep 0.5
163+ tries=$(( tries + 1 ))
164+ fi
165+ done
166+
167+ if [ -n " $DEV_PID " ]; then
168+ nsenter --target " $DEV_PID " --mount -- mkdir -p /var/okdev
169+ cat /usr/local/bin/okdev-sshd | nsenter --target " $DEV_PID " --mount -- sh -c " cat > /var/okdev/okdev-sshd && chmod +x /var/okdev/okdev-sshd"
170+ cat /root/.ssh/authorized_keys | nsenter --target " $DEV_PID " --mount -- sh -c " cat > /var/okdev/authorized_keys && chmod 600 /var/okdev/authorized_keys"
171+
172+ nsenter --target " $DEV_PID " --mount --uts --ipc --pid --cgroup -- \
173+ /var/okdev/okdev-sshd --port 2222 --authorized-keys /var/okdev/authorized_keys &
174+ echo " okdev-sshd started in dev container (PID $DEV_PID ) on port 2222"
175+ else
176+ echo " WARNING: could not find dev container PID, embedded SSH not started" >&2
177+ fi
178+ fi
179+
143180# Start syncthing in background (run as root for workspace access)
144181syncthing serve --home /var/syncthing --no-browser \
145182 --gui-address=http://0.0.0.0:8384 --no-restart --skip-port-probing &
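Review bot: The PID-discovery loop selects the first process whose `/proc/$pid/root` differs from the sidecar's own root, which identifies "some other mount namespace", not the dev container; any other process in a different namespace visible from here would have the okdev-sshd binary and the authorized_keys file written into its filesystem and an SSH server started inside its pid/cgroup namespaces. Pin the target to a positive identifier the entrypoint already has (a PID or container id handed in by the orchestrator, a marker file the dev image ships, or a cgroup path) instead of the first foreign root, and log which PID was chosen so the selection can be audited. The `cat /root/.ssh/authorized_keys | nsenter … sh -c "cat > /var/okdev/authorized_keys …"` line silently installs an empty key file when the source is missing or unreadable, so guard it with `[ -s /root/.ssh/authorized_keys ] || { echo "ERROR: /root/.ssh/authorized_keys missing, not starting embedded SSH" >&2; exit 1; }` (or fall through to the existing WARNING branch) before copying. The "okdev-sshd started" message is also printed without checking that the backgrounded job is alive; capture `$!` after the `&` and test it with `kill -0` before logging success.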