Add support for different modes based on argv[0]

2021-06-16 19:48:13 +02:00 · 2021-06-16 19:48:13 +02:00 · 9708146d81
commit 9708146d81
parent 8b89243a4a
5 changed files with 21 additions and 12 deletions
--- a/lib/bwrap.nim
+++ b/lib/bwrap.nim
@ -14,5 +14,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall
  call

 proc exec*(call: var BwrapCall) =
-  echo call.args
  discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))
--- a/lib/config.nim
+++ b/lib/config.nim
@ -5,6 +5,7 @@ type Link* = object
  dst*: string

 type Config* = object
-    mount*: Option[seq[string]]
-    romount*: Option[seq[string]]
-    symlinks*: Option[seq[Link]]
+  extends*: Option[seq[string]]
+  mount*: Option[seq[string]]
+  romount*: Option[seq[string]]
+  symlinks*: Option[seq[Link]]
--- a/lib/modes.nim
+++ b/lib/modes.nim
@ -0,0 +1,2 @@
+type Modes* = enum
+  Shell = "bwshell", Box = "bwbox"
--- a/lib/sandbox.nim
+++ b/lib/sandbox.nim
@ -1,14 +1,15 @@
 import os
 import json
+import modes
 import bwrap
 import config
 import options

-const CONFIG_LOCATION = "config.json"
-
 proc homePath(p: string): string =
  joinPath(getHomeDir(), p)

+const CONFIG_LOCATION = homePath(joinPath(".sandboxes", "config.json"))
+
 proc checkRelativePath(p: string): string =
  if p[0] == '/':
    return p
@ -27,7 +28,7 @@ proc applyConfig(call: var BwrapCall, config: Config) =
 proc loadConfig(path: string): Config =
  return readFile(path).parseJson().to(Config)

-proc sandboxExec*(name: string, command: string) =
+proc sandboxExec*(name: string, command: string, mode: Modes) =
  let sandboxPath = homePath(joinPath(".sandboxes", name))
  let sandboxFiles = joinPath(sandboxPath, "files")
  let sandboxInfo = joinPath(sandboxPath, "info")
@ -38,17 +39,20 @@ proc sandboxExec*(name: string, command: string) =
  call
    .addArg("--bind", sandboxFiles, getHomeDir())
    .addMount("--dev-bind", "/dev")
-    .addArg("--dir", "/tmp")
+    .addArg("--tmpfs", "/tmp")
    .addArg("--proc", "/proc")
    .addArg("--unshare-all")
    .addArg("--share-net")
    .addArg("--die-with-parent")
    .addArg("--hostname", name)
-    .addArg("--chdir", getHomeDir())
    .applyConfig(loadConfig(CONFIG_LOCATION))

+  if mode == Modes.Shell:
+    call
+      .addMount("--bind", getCurrentDir())
+      .addArg("--chdir", getCurrentDir())
+
  let configPath = sandboxPath.joinPath("config.json")
-  echo configPath
  if fileExists(configPath):
    call.applyConfig(loadConfig(configPath))

--- a/main.nim
+++ b/main.nim
@ -1,9 +1,11 @@
 import lib/sandbox
+import lib/modes
 import strformat
+import strutils
 import os

 proc main() =
-  let mode = splitPath(getAppFilename()).tail
+  let mode = parseEnum[Modes](paramStr(0))
  let args = commandLineParams()
  let argc = paramCount()

@ -11,6 +13,7 @@ proc main() =
    echo &"Usage: {mode} <sandbox> [command]"
    quit(1)

+
  let name = args[0]
  var command: string

@ -19,6 +22,6 @@ proc main() =
  else:
    command = getEnv("SHELL", "/bin/sh")

-  sandboxExec(name, command)
+  sandboxExec(name, command, mode)

 main()