Remove mode and improve profiles
parent
d96e27f3f3
commit
0103df5ca9
|
@ -1,6 +1,5 @@
|
||||||
import parseopt
|
import parseopt
|
||||||
import options
|
import options
|
||||||
import modes
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
type Args* = object
|
type Args* = object
|
||||||
|
@ -11,13 +10,11 @@ type Args* = object
|
||||||
proc getCmd*(args: Args): string =
|
proc getCmd*(args: Args): string =
|
||||||
return args.cmd.get(getEnv("SHELL", "/bin/bash"))
|
return args.cmd.get(getEnv("SHELL", "/bin/bash"))
|
||||||
|
|
||||||
proc getProfile*(args: Args, mode: Modes): string =
|
proc getProfile*(args: Args): string =
|
||||||
if args.profile.isSome:
|
if args.profile.isSome:
|
||||||
return args.profile.unsafeGet
|
return args.profile.unsafeGet
|
||||||
|
|
||||||
return case mode
|
return "default"
|
||||||
of Modes.Shell: "shell"
|
|
||||||
of Modes.Box: "gui"
|
|
||||||
|
|
||||||
proc parseOpt(args: var Args, key: string, value: string): bool =
|
proc parseOpt(args: var Args, key: string, value: string): bool =
|
||||||
case key
|
case key
|
||||||
|
|
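Review bot: `getProfile` still uses the `isSome`/`unsafeGet` pair before `return "default"`, where `getCmd` directly above it already uses the `Option` default form. Now that the `case mode` fallback is gone, the body can be `return args.profile.get("default")`, which drops `unsafeGet` and keeps the two accessors consistent. A `##` doc comment saying that "default" is the profile name used when `--profile` is absent would make the new contract explicit for callers.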
|
@ -13,6 +13,9 @@ type Config* = object
|
||||||
mount*: Option[seq[string]]
|
mount*: Option[seq[string]]
|
||||||
romount*: Option[seq[string]]
|
romount*: Option[seq[string]]
|
||||||
symlinks*: Option[seq[Link]]
|
symlinks*: Option[seq[Link]]
|
||||||
|
mountcwd*: Option[bool]
|
||||||
|
privileged*: Option[bool]
|
||||||
|
sethostname*: Option[bool]
|
||||||
|
|
||||||
proc applyConfig*(call: var BwrapCall, config: Config) =
|
proc applyConfig*(call: var BwrapCall, config: Config) =
|
||||||
for mount in config.mount.get(@[]):
|
for mount in config.mount.get(@[]):
|
||||||
|
@ -39,5 +42,7 @@ proc extendConfig*(config: var Config): Config {.discardable.} =
|
||||||
config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[])))
|
config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[])))
|
||||||
config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[])))
|
config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[])))
|
||||||
config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[])))
|
config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[])))
|
||||||
|
config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
|
||||||
|
config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
|
||||||
|
|
||||||
return config
|
return config
|
||||||
|
|
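Review bot: `privileged` is added to `Config` together with `mountcwd` and `sethostname`, but the `extendConfig` hunk merges only the latter two, so a `privileged` value set in an extended profile appears to be dropped. If the field is meant to be inherited, add `config.privileged = some(config.privileged.get(eConf.privileged.get(false)))` next to the other two lines. If it is deliberately not inheritable, which is a defensible choice for a flag that loosens the sandbox, state that in a comment on the field so the omission is not later "fixed" by accident. The bodies of `applyConfig` and `extendConfig` continue outside the visible hunks, so where `privileged` is consumed should be confirmed against the full file.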
|
@ -1,2 +0,0 @@
|
||||||
type Modes* = enum
|
|
||||||
Shell = "bwshell", Box = "bwbox"
|
|
|
@ -1,49 +1,58 @@
|
||||||
import os
|
import os
|
||||||
import args
|
import args
|
||||||
|
import json
|
||||||
import utils
|
import utils
|
||||||
import modes
|
|
||||||
import bwrap
|
import bwrap
|
||||||
import config
|
import config
|
||||||
import options
|
import options
|
||||||
|
|
||||||
proc sandboxExec*(mode: Modes, args: Args) =
|
proc sandboxExec*(args: Args) =
|
||||||
var call = BwrapCall()
|
var call = BwrapCall()
|
||||||
var userConfig = none(Config)
|
var configPath = none(string)
|
||||||
|
|
||||||
let hostname = args.name.get("sandbox")
|
let hostname = args.name.get(getProfile(argst ))
|
||||||
let profilePath = getProfilePath(args, mode)
|
|
||||||
|
|
||||||
if args.name.isSome:
|
if args.name.isSome:
|
||||||
let name = args.name.unsafeGet
|
let name = args.name.unsafeGet
|
||||||
let sandboxPath = getSandboxPath(name)
|
let sandboxPath = getSandboxPath(name)
|
||||||
let sandboxFiles = sandboxPath.joinPath("files")
|
let sandboxFiles = sandboxPath.joinPath("files")
|
||||||
let configPath = sandboxPath.joinPath("config.json")
|
let userConfig = sandboxPath.joinPath("config.json")
|
||||||
|
|
||||||
if fileExists(configPath):
|
|
||||||
userConfig = some(loadConfig(configPath))
|
|
||||||
|
|
||||||
createDir(sandboxFiles)
|
createDir(sandboxFiles)
|
||||||
call.addArg("--bind", sandboxFiles, getHomeDir())
|
call.addArg("--bind", sandboxFiles, getHomeDir())
|
||||||
|
|
||||||
var profile = loadConfig(profilePath)
|
if not fileExists(userConfig):
|
||||||
profile.extendConfig()
|
let newConfig = %* {"extends": getProfile(args)}
|
||||||
|
writeFile(userConfig, $newConfig)
|
||||||
|
|
||||||
|
configPath = some(userConfig)
|
||||||
|
|
||||||
|
if configPath.isNone or not fileExists(configPath.unsafeGet):
|
||||||
|
configPath = some(getProfilePath(args))
|
||||||
|
|
||||||
|
var config = loadConfig(configPath.unsafeGet)
|
||||||
|
config.extendConfig()
|
||||||
|
|
||||||
call
|
call
|
||||||
.addMount("--dev-bind", "/dev/null")
|
.addMount("--dev-bind", "/dev/null")
|
||||||
|
.addMount("--dev-bind", "/dev/random")
|
||||||
|
.addMount("--dev-bind", "/dev/urandom")
|
||||||
.addArg("--tmpfs", "/tmp")
|
.addArg("--tmpfs", "/tmp")
|
||||||
.addArg("--proc", "/proc")
|
.addArg("--proc", "/proc")
|
||||||
.addArg("--unshare-all")
|
.addArg("--unshare-all")
|
||||||
.addArg("--share-net")
|
.addArg("--share-net")
|
||||||
.addArg("--die-with-parent")
|
.addArg("--die-with-parent")
|
||||||
.applyConfig(profile)
|
.addArg("--setenv", "BWSANDBOX", "1")
|
||||||
|
.applyConfig(config)
|
||||||
|
|
||||||
if mode == Modes.Shell:
|
if config.mountcwd.get(false):
|
||||||
call
|
call
|
||||||
.addMount("--bind", getCurrentDir())
|
.addMount("--bind", getCurrentDir())
|
||||||
.addArg("--chdir", getCurrentDir())
|
.addArg("--chdir", getCurrentDir())
|
||||||
|
|
||||||
|
if config.sethostname.get(false):
|
||||||
|
call
|
||||||
.addArg("--hostname", hostname)
|
.addArg("--hostname", hostname)
|
||||||
|
|
||||||
if userConfig.isSome:
|
|
||||||
call.applyConfig(userConfig.unsafeGet)
|
|
||||||
|
|
||||||
call.addArg(args.getCmd).exec()
|
call.addArg(args.getCmd).exec()
|
||||||
|
|
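Review bot: Once a named sandbox has a `config.json`, `--profile` is no longer consulted in `sandboxExec`. `getProfile(args)` is used only when the file is first written (`%* {"extends": getProfile(args)}`) and in the fallback to `getProfilePath(args)`, so a later run with a stricter `--profile` silently keeps the profile recorded at creation. That can leave a user believing the sandbox runs under a tighter profile than it does. Either warn or fail when `args.profile.isSome` and the stored `extends` differs, or document that the profile is fixed at creation. This assumes `extendConfig`, whose body is not visible here, resolves `extends` without looking at the arguments. Separately, `getProfile(argst ))` on the `hostname` line reads like a typo for `getProfile(args)`, unless it is a rendering artifact of this page.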
|
@ -1,6 +1,5 @@
|
||||||
import os
|
import os
|
||||||
import args
|
import args
|
||||||
import modes
|
|
||||||
|
|
||||||
const APP_NAME = "bwsandbox"
|
const APP_NAME = "bwsandbox"
|
||||||
|
|
||||||
|
@ -17,8 +16,8 @@ proc getProfilePath*(profile: string): string =
|
||||||
.joinPath(APP_NAME)
|
.joinPath(APP_NAME)
|
||||||
.joinPath(profile)
|
.joinPath(profile)
|
||||||
|
|
||||||
proc getProfilePath*(args: Args, mode: Modes): string =
|
proc getProfilePath*(args: Args): string =
|
||||||
getProfilePath(args.getProfile(mode))
|
getProfilePath(args.getProfile())
|
||||||
|
|
||||||
proc getSandboxPath*(name: string): string =
|
proc getSandboxPath*(name: string): string =
|
||||||
getDataDir()
|
getDataDir()
|
||||||
|
|
9
main.nim
9
main.nim
|
@ -1,19 +1,14 @@
|
||||||
import lib/sandbox
|
import lib/sandbox
|
||||||
import lib/modes
|
|
||||||
import lib/args
|
import lib/args
|
||||||
import strformat
|
|
||||||
import strutils
|
|
||||||
import options
|
import options
|
||||||
import os
|
|
||||||
|
|
||||||
proc main(): int =
|
proc main(): int =
|
||||||
let mode = parseEnum[Modes](paramStr(0), Modes.Shell)
|
|
||||||
let args = parseArgs()
|
let args = parseArgs()
|
||||||
|
|
||||||
if args.isNone:
|
if args.isNone:
|
||||||
echo &"Usage: {mode} --command=cmd --profile=profile <sandbox_name>"
|
echo "Usage: bwshell --command=cmd --profile=profile <sandbox_name>"
|
||||||
return 1
|
return 1
|
||||||
else:
|
else:
|
||||||
sandboxExec(mode, args.unsafeGet)
|
sandboxExec(args.unsafeGet)
|
||||||
|
|
||||||
quit(main())
|
quit(main())
|
||||||
|
|
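Review bot: The usage line in `main` now hard-codes `bwshell`, although this commit removes the `Modes` enum that tied behaviour to the invoked name, so a binary installed under any other name prints a misleading usage string. Deriving the name at runtime, for example `echo "Usage: " & getAppFilename().extractFilename & " --command=cmd --profile=profile <sandbox_name>"`, keeps the message accurate. That would require keeping `import os`, which this hunk removes. Writing the message to `stderr` rather than via `echo` would also keep it out of pipelines that capture stdout.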