diff --git a/lib/bwrap.nim b/lib/bwrap.nim index 25cb19e..9fe3433 100644 --- a/lib/bwrap.nim +++ b/lib/bwrap.nim @@ -14,5 +14,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall call proc exec*(call: var BwrapCall) = - echo call.args discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args))) diff --git a/lib/config.nim b/lib/config.nim index 002bd9e..d079f24 100644 --- a/lib/config.nim +++ b/lib/config.nim @@ -5,6 +5,7 @@ type Link* = object dst*: string type Config* = object - mount*: Option[seq[string]] - romount*: Option[seq[string]] - symlinks*: Option[seq[Link]] + extends*: Option[seq[string]] + mount*: Option[seq[string]] + romount*: Option[seq[string]] + symlinks*: Option[seq[Link]] diff --git a/lib/modes.nim b/lib/modes.nim new file mode 100644 index 0000000..e91e038 --- /dev/null +++ b/lib/modes.nim @@ -0,0 +1,2 @@ +type Modes* = enum + Shell = "bwshell", Box = "bwbox" \ No newline at end of file diff --git a/lib/sandbox.nim b/lib/sandbox.nim index 9d4d859..40eabbf 100644 --- a/lib/sandbox.nim +++ b/lib/sandbox.nim @@ -1,14 +1,15 @@ import os import json +import modes import bwrap import config import options -const CONFIG_LOCATION = "config.json" - proc homePath(p: string): string = joinPath(getHomeDir(), p) +const CONFIG_LOCATION = homePath(joinPath(".sandboxes", "config.json")) + proc checkRelativePath(p: string): string = if p[0] == '/': return p @@ -27,7 +28,7 @@ proc applyConfig(call: var BwrapCall, config: Config) = proc loadConfig(path: string): Config = return readFile(path).parseJson().to(Config) -proc sandboxExec*(name: string, command: string) = +proc sandboxExec*(name: string, command: string, mode: Modes) = let sandboxPath = homePath(joinPath(".sandboxes", name)) let sandboxFiles = joinPath(sandboxPath, "files") let sandboxInfo = joinPath(sandboxPath, "info") @@ -38,17 +39,20 @@ proc sandboxExec*(name: string, command: string) = call .addArg("--bind", sandboxFiles, getHomeDir()) .addMount("--dev-bind", "/dev") - .addArg("--dir", "/tmp") + .addArg("--tmpfs", "/tmp") .addArg("--proc", "/proc") .addArg("--unshare-all") .addArg("--share-net") .addArg("--die-with-parent") .addArg("--hostname", name) - .addArg("--chdir", getHomeDir()) .applyConfig(loadConfig(CONFIG_LOCATION)) + if mode == Modes.Shell: + call + .addMount("--bind", getCurrentDir()) + .addArg("--chdir", getCurrentDir()) + let configPath = sandboxPath.joinPath("config.json") - echo configPath if fileExists(configPath): call.applyConfig(loadConfig(configPath)) diff --git a/main.nim b/main.nim index 44e9029..dba577c 100644 --- a/main.nim +++ b/main.nim @@ -1,9 +1,11 @@ import lib/sandbox +import lib/modes import strformat +import strutils import os proc main() = - let mode = splitPath(getAppFilename()).tail + let mode = parseEnum[Modes](paramStr(0)) let args = commandLineParams() let argc = paramCount() @@ -11,6 +13,7 @@ proc main() = echo &"Usage: {mode} [command]" quit(1) + let name = args[0] var command: string @@ -19,6 +22,6 @@ proc main() = else: command = getEnv("SHELL", "/bin/sh") - sandboxExec(name, command) + sandboxExec(name, command, mode) main()