From 0103df5ca9026033e1036c675e79f6cebb3d0c58 Mon Sep 17 00:00:00 2001
From: mawalu <web@mawalabs.de>
Date: Sun, 20 Jun 2021 14:09:30 +0200
Subject: [PATCH] Remove mode and improve profiles

---
 lib/args.nim    |  7 ++-----
 lib/config.nim  |  5 +++++
 lib/modes.nim   |  2 --
 lib/sandbox.nim | 39 ++++++++++++++++++++++++---------------
 lib/utils.nim   |  5 ++---
 main.nim        |  9 ++-------
 6 files changed, 35 insertions(+), 32 deletions(-)
 delete mode 100644 lib/modes.nim

diff --git a/lib/args.nim b/lib/args.nim
index d2ebe7a..5ea896e 100644
--- a/lib/args.nim
+++ b/lib/args.nim
@@ -1,6 +1,5 @@
 import parseopt
 import options
-import modes
 import os
 
 type Args* = object
@@ -11,13 +10,11 @@ type Args* = object
 proc getCmd*(args: Args): string =
   return args.cmd.get(getEnv("SHELL", "/bin/bash"))
 
-proc getProfile*(args: Args, mode: Modes): string =
+proc getProfile*(args: Args): string =
   if args.profile.isSome:
     return args.profile.unsafeGet
 
-  return case mode
-  of Modes.Shell: "shell"
-  of Modes.Box: "gui"
+  return "default"
 
 proc parseOpt(args: var Args, key: string, value: string): bool =
   case key
diff --git a/lib/config.nim b/lib/config.nim
index 8c2992b..a25536c 100644
--- a/lib/config.nim
+++ b/lib/config.nim
@@ -13,6 +13,9 @@ type Config* = object
   mount*: Option[seq[string]]
   romount*: Option[seq[string]]
   symlinks*: Option[seq[Link]]
+  mountcwd*: Option[bool]
+  privileged*: Option[bool]
+  sethostname*: Option[bool]
 
 proc applyConfig*(call: var BwrapCall, config: Config) =
   for mount in config.mount.get(@[]):
@@ -39,5 +42,7 @@ proc extendConfig*(config: var Config): Config {.discardable.} =
   config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[])))
   config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[])))
   config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[])))
+  config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
+  config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
 
   return config
diff --git a/lib/modes.nim b/lib/modes.nim
deleted file mode 100644
index e91e038..0000000
--- a/lib/modes.nim
+++ /dev/null
@@ -1,2 +0,0 @@
-type Modes* = enum
-  Shell = "bwshell", Box = "bwbox"
\ No newline at end of file
diff --git a/lib/sandbox.nim b/lib/sandbox.nim
index 8bf257f..160a3d9 100644
--- a/lib/sandbox.nim
+++ b/lib/sandbox.nim
@@ -1,49 +1,58 @@
 import os
 import args
+import json
 import utils
-import modes
 import bwrap
 import config
 import options
 
-proc sandboxExec*(mode: Modes, args: Args) =
+proc sandboxExec*(args: Args) =
   var call = BwrapCall()
-  var userConfig = none(Config)
+  var configPath = none(string)
 
-  let hostname = args.name.get("sandbox")
-  let profilePath = getProfilePath(args, mode)
+  let hostname = args.name.get(getProfile(argst ))
 
   if args.name.isSome:
     let name = args.name.unsafeGet
     let sandboxPath = getSandboxPath(name)
     let sandboxFiles = sandboxPath.joinPath("files")
-    let configPath = sandboxPath.joinPath("config.json")
+    let userConfig = sandboxPath.joinPath("config.json")
 
-    if fileExists(configPath):
-        userConfig = some(loadConfig(configPath))
 
     createDir(sandboxFiles)
     call.addArg("--bind", sandboxFiles, getHomeDir())
 
-  var profile = loadConfig(profilePath)
-  profile.extendConfig()
+    if not fileExists(userConfig):
+      let newConfig = %* {"extends": getProfile(args)}
+      writeFile(userConfig, $newConfig)
+
+    configPath = some(userConfig)
+
+  if configPath.isNone or not fileExists(configPath.unsafeGet):
+    configPath = some(getProfilePath(args))
+
+  var config = loadConfig(configPath.unsafeGet)
+  config.extendConfig()
 
   call
     .addMount("--dev-bind", "/dev/null")
+    .addMount("--dev-bind", "/dev/random")
+    .addMount("--dev-bind", "/dev/urandom")
     .addArg("--tmpfs", "/tmp")
     .addArg("--proc", "/proc")
     .addArg("--unshare-all")
     .addArg("--share-net")
     .addArg("--die-with-parent")
-    .applyConfig(profile)
+    .addArg("--setenv", "BWSANDBOX", "1")
+    .applyConfig(config)
 
-  if mode == Modes.Shell:
+  if config.mountcwd.get(false):
     call
       .addMount("--bind", getCurrentDir())
       .addArg("--chdir", getCurrentDir())
+
+  if config.sethostname.get(false):
+    call
       .addArg("--hostname", hostname)
 
-  if userConfig.isSome:
-    call.applyConfig(userConfig.unsafeGet)
-
   call.addArg(args.getCmd).exec()
diff --git a/lib/utils.nim b/lib/utils.nim
index 7a569f7..08d39e4 100644
--- a/lib/utils.nim
+++ b/lib/utils.nim
@@ -1,6 +1,5 @@
 import os
 import args
-import modes
 
 const APP_NAME = "bwsandbox"
 
@@ -17,8 +16,8 @@ proc getProfilePath*(profile: string): string =
         .joinPath(APP_NAME)
         .joinPath(profile)
 
-proc getProfilePath*(args: Args, mode: Modes): string =
-  getProfilePath(args.getProfile(mode))
+proc getProfilePath*(args: Args): string =
+  getProfilePath(args.getProfile())
 
 proc getSandboxPath*(name: string): string =
   getDataDir()
diff --git a/main.nim b/main.nim
index 5705617..c4fd8ec 100644
--- a/main.nim
+++ b/main.nim
@@ -1,19 +1,14 @@
 import lib/sandbox
-import lib/modes
 import lib/args
-import strformat
-import strutils
 import options
-import os
 
 proc main(): int =
-  let mode = parseEnum[Modes](paramStr(0), Modes.Shell)
   let args = parseArgs()
 
   if args.isNone:
-    echo &"Usage: {mode} --command=cmd --profile=profile <sandbox_name>"
+    echo "Usage: bwshell --command=cmd --profile=profile <sandbox_name>"
     return 1
   else:
-    sandboxExec(mode, args.unsafeGet)
+    sandboxExec(args.unsafeGet)
 
 quit(main())