Remove mode and improve profiles

Martin 2021-06-20 14:09:30 +02:00
parent d96e27f3f3
commit 0103df5ca9
Signed by: mawalu
GPG Key ID: BF556F989760A7C8
6 changed files with 35 additions and 32 deletions


@ -1,6 +1,5 @@
import parseopt import parseopt
import options import options
import modes
import os import os
type Args* = object type Args* = object
@ -11,13 +10,11 @@ type Args* = object
proc getCmd*(args: Args): string = proc getCmd*(args: Args): string =
return args.cmd.get(getEnv("SHELL", "/bin/bash")) return args.cmd.get(getEnv("SHELL", "/bin/bash"))
proc getProfile*(args: Args, mode: Modes): string = proc getProfile*(args: Args): string =
if args.profile.isSome: if args.profile.isSome:
return args.profile.unsafeGet return args.profile.unsafeGet
return case mode return "default"
of Modes.Shell: "shell"
of Modes.Box: "gui"
proc parseOpt(args: var Args, key: string, value: string): bool = proc parseOpt(args: var Args, key: string, value: string): bool =
case key case key


@ -13,6 +13,9 @@ type Config* = object
mount*: Option[seq[string]] mount*: Option[seq[string]]
romount*: Option[seq[string]] romount*: Option[seq[string]]
symlinks*: Option[seq[Link]] symlinks*: Option[seq[Link]]
mountcwd*: Option[bool]
privileged*: Option[bool]
sethostname*: Option[bool]
proc applyConfig*(call: var BwrapCall, config: Config) = proc applyConfig*(call: var BwrapCall, config: Config) =
for mount in config.mount.get(@[]): for mount in config.mount.get(@[]):
@ -39,5 +42,7 @@ proc extendConfig*(config: var Config): Config {.discardable.} =
config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[]))) config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[])))
config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[]))) config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[])))
config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[]))) config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[])))
config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
return config return config
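Review bot: `privileged` is added to `Config` in the first hunk, but the second hunk merges only `mountcwd` and `sethostname` in `extendConfig`, and no line visible in this commit reads the new field. A profile that sets `privileged` would therefore have no visible effect, and a value set in an extended profile would not be inherited. Either merge it the same way, `config.privileged = some(config.privileged.get(eConf.privileged.get(false)))`, or leave the field out until it is implemented. The bodies of `applyConfig` and `extendConfig` start outside these hunks, so the field may be consumed there. If it is, a `##` comment on the field saying what it relaxes would help profile authors, and the `false` fallback is the right fail-closed default.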


@ -1,2 +0,0 @@
type Modes* = enum
Shell = "bwshell", Box = "bwbox"


@ -1,49 +1,58 @@
import os import os
import args import args
import json
import utils import utils
import modes
import bwrap import bwrap
import config import config
import options import options
proc sandboxExec*(mode: Modes, args: Args) = proc sandboxExec*(args: Args) =
var call = BwrapCall() var call = BwrapCall()
var userConfig = none(Config) var configPath = none(string)
let hostname = args.name.get("sandbox") let hostname = args.name.get(getProfile(argst ))
let profilePath = getProfilePath(args, mode)
if args.name.isSome: if args.name.isSome:
let name = args.name.unsafeGet let name = args.name.unsafeGet
let sandboxPath = getSandboxPath(name) let sandboxPath = getSandboxPath(name)
let sandboxFiles = sandboxPath.joinPath("files") let sandboxFiles = sandboxPath.joinPath("files")
let configPath = sandboxPath.joinPath("config.json") let userConfig = sandboxPath.joinPath("config.json")
if fileExists(configPath):
userConfig = some(loadConfig(configPath))
createDir(sandboxFiles) createDir(sandboxFiles)
call.addArg("--bind", sandboxFiles, getHomeDir()) call.addArg("--bind", sandboxFiles, getHomeDir())
var profile = loadConfig(profilePath) if not fileExists(userConfig):
profile.extendConfig() let newConfig = %* {"extends": getProfile(args)}
writeFile(userConfig, $newConfig)
configPath = some(userConfig)
if configPath.isNone or not fileExists(configPath.unsafeGet):
configPath = some(getProfilePath(args))
var config = loadConfig(configPath.unsafeGet)
config.extendConfig()
call call
.addMount("--dev-bind", "/dev/null") .addMount("--dev-bind", "/dev/null")
.addMount("--dev-bind", "/dev/random")
.addMount("--dev-bind", "/dev/urandom")
.addArg("--tmpfs", "/tmp") .addArg("--tmpfs", "/tmp")
.addArg("--proc", "/proc") .addArg("--proc", "/proc")
.addArg("--unshare-all") .addArg("--unshare-all")
.addArg("--share-net") .addArg("--share-net")
.addArg("--die-with-parent") .addArg("--die-with-parent")
.applyConfig(profile) .addArg("--setenv", "BWSANDBOX", "1")
.applyConfig(config)
if mode == Modes.Shell: if config.mountcwd.get(false):
call call
.addMount("--bind", getCurrentDir()) .addMount("--bind", getCurrentDir())
.addArg("--chdir", getCurrentDir()) .addArg("--chdir", getCurrentDir())
if config.sethostname.get(false):
call
.addArg("--hostname", hostname) .addArg("--hostname", hostname)
if userConfig.isSome:
call.applyConfig(userConfig.unsafeGet)
call.addArg(args.getCmd).exec() call.addArg(args.getCmd).exec()
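Review bot: The `mountcwd` branch binds `getCurrentDir()` into the sandbox without checking what that directory is, and it runs after the `--bind sandboxFiles getHomeDir()` set up for a named sandbox. bwrap applies mount operations in order, so starting the sandbox from the home directory or one of its ancestors would presumably bind the real directory over the per-sandbox home and expose the files the sandbox is meant to hide. This assumes `addMount` binds the path onto itself, which is defined outside this page. A guard such as `if config.mountcwd.get(false) and not getHomeDir().isRelativeTo(getCurrentDir()):` keeps the isolation intact. A one-line comment on the branch should state that the working directory is exposed read-write.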


@ -1,6 +1,5 @@
import os import os
import args import args
import modes
const APP_NAME = "bwsandbox" const APP_NAME = "bwsandbox"
@ -17,8 +16,8 @@ proc getProfilePath*(profile: string): string =
.joinPath(APP_NAME) .joinPath(APP_NAME)
.joinPath(profile) .joinPath(profile)
proc getProfilePath*(args: Args, mode: Modes): string = proc getProfilePath*(args: Args): string =
getProfilePath(args.getProfile(mode)) getProfilePath(args.getProfile())
proc getSandboxPath*(name: string): string = proc getSandboxPath*(name: string): string =
getDataDir() getDataDir()


@ -1,19 +1,14 @@
import lib/sandbox import lib/sandbox
import lib/modes
import lib/args import lib/args
import strformat
import strutils
import options import options
import os
proc main(): int = proc main(): int =
let mode = parseEnum[Modes](paramStr(0), Modes.Shell)
let args = parseArgs() let args = parseArgs()
if args.isNone: if args.isNone:
echo &"Usage: {mode} --command=cmd --profile=profile <sandbox_name>" echo "Usage: bwshell --command=cmd --profile=profile <sandbox_name>"
return 1 return 1
else: else:
sandboxExec(mode, args.unsafeGet) sandboxExec(args.unsafeGet)
quit(main()) quit(main())
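Review bot: The usage line now hardcodes `bwshell`, while the utils section of this commit names the application `bwsandbox` in `APP_NAME`, so the help text can disagree with the name the binary was invoked under. Consider printing the invoked name or the application name instead, for example `echo "Usage: bwsandbox --command=cmd --profile=profile <sandbox_name>"`.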