bwbox/lib/sandbox.nim

import os
import args
import utils
import modes
import bwrap
import config
import options

proc sandboxExec*(mode: Modes, args: Args) =
  var call = BwrapCall()
  var userConfig = none(Config)

  let hostname = args.name.get("sandbox")
  let profilePath = getProfilePath(args, mode)

  if args.name.isSome:
    let name = args.name.unsafeGet
    let sandboxPath = getSandboxPath(name)
    let sandboxFiles = sandboxPath.joinPath("files")
    let configPath = sandboxPath.joinPath("config.json")

    if fileExists(configPath):
        userConfig = some(loadConfig(configPath))

    createDir(sandboxFiles)
    call.addArg("--bind", sandboxFiles, getHomeDir())

  var profile = loadConfig(profilePath)
  profile.extendConfig()

  call
    .addMount("--dev-bind", "/dev/null")
    .addArg("--tmpfs", "/tmp")
    .addArg("--proc", "/proc")
    .addArg("--unshare-all")
    .addArg("--share-net")
    .addArg("--die-with-parent")
    .applyConfig(profile)

  if mode == Modes.Shell:
    call
      .addMount("--bind", getCurrentDir())
      .addArg("--chdir", getCurrentDir())
      .addArg("--hostname", hostname)

  if userConfig.isSome:
    call.applyConfig(userConfig.unsafeGet)

  call.addArg(args.getCmd).exec()
Splitup and config file parsing 2021-05-18 22:10:35 +02:00			`import os`
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`import args`
			`import utils`
Add support for different modes based on argv[0] 2021-06-16 19:48:13 +02:00			`import modes`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00			`import bwrap`
			`import config`
			`import options`

New arg parser and profile support 2021-06-19 16:33:47 +02:00			`proc sandboxExec*(mode: Modes, args: Args) =`
			`var call = BwrapCall()`
			`var userConfig = none(Config)`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`let hostname = args.name.get("sandbox")`
			`let profilePath = getProfilePath(args, mode)`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`if args.name.isSome:`
			`let name = args.name.unsafeGet`
			`let sandboxPath = getSandboxPath(name)`
			`let sandboxFiles = sandboxPath.joinPath("files")`
			`let configPath = sandboxPath.joinPath("config.json")`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`if fileExists(configPath):`
			`userConfig = some(loadConfig(configPath))`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`createDir(sandboxFiles)`
			`call.addArg("--bind", sandboxFiles, getHomeDir())`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`var profile = loadConfig(profilePath)`
			`profile.extendConfig()`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
			`call`
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`.addMount("--dev-bind", "/dev/null")`
Add support for different modes based on argv[0] 2021-06-16 19:48:13 +02:00			`.addArg("--tmpfs", "/tmp")`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00			`.addArg("--proc", "/proc")`
			`.addArg("--unshare-all")`
			`.addArg("--share-net")`
			`.addArg("--die-with-parent")`
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`.applyConfig(profile)`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
Add support for different modes based on argv[0] 2021-06-16 19:48:13 +02:00			`if mode == Modes.Shell:`
			`call`
			`.addMount("--bind", getCurrentDir())`
			`.addArg("--chdir", getCurrentDir())`
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`.addArg("--hostname", hostname)`
Add support for different modes based on argv[0] 2021-06-16 19:48:13 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`if userConfig.isSome:`
			`call.applyConfig(userConfig.unsafeGet)`
Splitup and config file parsing 2021-05-18 22:10:35 +02:00
New arg parser and profile support 2021-06-19 16:33:47 +02:00			`call.addArg(args.getCmd).exec()`