Add support for different modes based on argv[0]
This commit is contained in:
parent
8b89243a4a
commit
9708146d81
GPG Key ID:
BF556F989760A7C8
|
|
@ -14,5 +14,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall
|
||||||
call
|
call
|
||||||
|
|
||||||
proc exec*(call: var BwrapCall) =
|
proc exec*(call: var BwrapCall) =
|
||||||
echo call.args
|
|
||||||
discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))
|
discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ type Link* = object
|
||||||
dst*: string
|
dst*: string
|
||||||
|
|
||||||
type Config* = object
|
type Config* = object
|
||||||
|
extends*: Option[seq[string]]
|
||||||
mount*: Option[seq[string]]
|
mount*: Option[seq[string]]
|
||||||
romount*: Option[seq[string]]
|
romount*: Option[seq[string]]
|
||||||
symlinks*: Option[seq[Link]]
|
symlinks*: Option[seq[Link]]
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,2 @@
|
||||||
|
type Modes* = enum
|
||||||
|
Shell = "bwshell", Box = "bwbox"
|
||||||
|
|
@ -1,14 +1,15 @@
|
||||||
import os
|
import os
|
||||||
import json
|
import json
|
||||||
|
import modes
|
||||||
import bwrap
|
import bwrap
|
||||||
import config
|
import config
|
||||||
import options
|
import options
|
||||||
|
|
||||||
const CONFIG_LOCATION = "config.json"
|
|
||||||
|
|
||||||
proc homePath(p: string): string =
|
proc homePath(p: string): string =
|
||||||
joinPath(getHomeDir(), p)
|
joinPath(getHomeDir(), p)
|
||||||
|
|
||||||
|
const CONFIG_LOCATION = homePath(joinPath(".sandboxes", "config.json"))
|
||||||
|
|
||||||
proc checkRelativePath(p: string): string =
|
proc checkRelativePath(p: string): string =
|
||||||
if p[0] == '/':
|
if p[0] == '/':
|
||||||
return p
|
return p
|
||||||
|
|
@ -27,7 +28,7 @@ proc applyConfig(call: var BwrapCall, config: Config) =
|
||||||
proc loadConfig(path: string): Config =
|
proc loadConfig(path: string): Config =
|
||||||
return readFile(path).parseJson().to(Config)
|
return readFile(path).parseJson().to(Config)
|
||||||
|
|
||||||
proc sandboxExec*(name: string, command: string) =
|
proc sandboxExec*(name: string, command: string, mode: Modes) =
|
||||||
let sandboxPath = homePath(joinPath(".sandboxes", name))
|
let sandboxPath = homePath(joinPath(".sandboxes", name))
|
||||||
let sandboxFiles = joinPath(sandboxPath, "files")
|
let sandboxFiles = joinPath(sandboxPath, "files")
|
||||||
let sandboxInfo = joinPath(sandboxPath, "info")
|
let sandboxInfo = joinPath(sandboxPath, "info")
|
||||||
|
|
@ -38,17 +39,20 @@ proc sandboxExec*(name: string, command: string) =
|
||||||
call
|
call
|
||||||
.addArg("--bind", sandboxFiles, getHomeDir())
|
.addArg("--bind", sandboxFiles, getHomeDir())
|
||||||
.addMount("--dev-bind", "/dev")
|
.addMount("--dev-bind", "/dev")
|
||||||
.addArg("--dir", "/tmp")
|
.addArg("--tmpfs", "/tmp")
|
||||||
.addArg("--proc", "/proc")
|
.addArg("--proc", "/proc")
|
||||||
.addArg("--unshare-all")
|
.addArg("--unshare-all")
|
||||||
.addArg("--share-net")
|
.addArg("--share-net")
|
||||||
.addArg("--die-with-parent")
|
.addArg("--die-with-parent")
|
||||||
.addArg("--hostname", name)
|
.addArg("--hostname", name)
|
||||||
.addArg("--chdir", getHomeDir())
|
|
||||||
.applyConfig(loadConfig(CONFIG_LOCATION))
|
.applyConfig(loadConfig(CONFIG_LOCATION))
|
||||||
|
|
||||||
|
if mode == Modes.Shell:
|
||||||
|
call
|
||||||
|
.addMount("--bind", getCurrentDir())
|
||||||
|
.addArg("--chdir", getCurrentDir())
|
||||||
|
|
||||||
let configPath = sandboxPath.joinPath("config.json")
|
let configPath = sandboxPath.joinPath("config.json")
|
||||||
echo configPath
|
|
||||||
if fileExists(configPath):
|
if fileExists(configPath):
|
||||||
call.applyConfig(loadConfig(configPath))
|
call.applyConfig(loadConfig(configPath))
|
||||||
|
|
||||||
|
|
|
||||||
7
main.nim
7
main.nim
|
|
@ -1,9 +1,11 @@
|
||||||
import lib/sandbox
|
import lib/sandbox
|
||||||
|
import lib/modes
|
||||||
import strformat
|
import strformat
|
||||||
|
import strutils
|
||||||
import os
|
import os
|
||||||
|
|
||||||
proc main() =
|
proc main() =
|
||||||
let mode = splitPath(getAppFilename()).tail
|
let mode = parseEnum[Modes](paramStr(0))
|
||||||
let args = commandLineParams()
|
let args = commandLineParams()
|
||||||
let argc = paramCount()
|
let argc = paramCount()
|
||||||
|
|
||||||
|
|
@ -11,6 +13,7 @@ proc main() =
|
||||||
echo &"Usage: {mode} <sandbox> [command]"
|
echo &"Usage: {mode} <sandbox> [command]"
|
||||||
quit(1)
|
quit(1)
|
||||||
|
|
||||||
|
|
||||||
let name = args[0]
|
let name = args[0]
|
||||||
var command: string
|
var command: string
|
||||||
|
|
||||||
|
|
@ -19,6 +22,6 @@ proc main() =
|
||||||
else:
|
else:
|
||||||
command = getEnv("SHELL", "/bin/sh")
|
command = getEnv("SHELL", "/bin/sh")
|
||||||
|
|
||||||
sandboxExec(name, command)
|
sandboxExec(name, command, mode)
|
||||||
|
|
||||||
main()
|
main()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue