mawalu
/
bwbox
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Extract bwrap type

This commit is contained in:
Martin 2021-05-18 20:39:59 +02:00
parent 206f555b65
commit e218eb9e5e
Signed by: mawalu
GPG Key ID: BF556F989760A7C8
3 changed files with 41 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
.idea
main main

18
lib/bwrap.nim Normal file
View File

@ -0,0 +1,18 @@
import posix
import sequtils
type BwrapCall* = object
args: seq[string]
proc addArg*(call: var BwrapCall, args: varargs[string]): var BwrapCall {.discardable.} =
for arg in args:
call.args.add(arg)
call
proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall {.discardable.} =
addArg(call, mType, path, path)
call
proc exec*(call: var BwrapCall) =
echo call.args
discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))

57
main.nim
View File

@ -1,21 +1,7 @@
import strformat import strformat
import sequtils import lib/bwrap
import posix
import os import os
type BwrapCall = object
args: seq[string]
proc addArg(call: var BwrapCall, args: varargs[string]) =
for arg in args:
call.args.add(arg)
proc addMount(call: var BwrapCall, mType: string, path: string) =
addArg(call, mType, path, path)
proc exec(call: var BwrapCall) =
discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))
proc homePath(p: string): string = proc homePath(p: string): string =
joinPath(getHomeDir(), p) joinPath(getHomeDir(), p)
@ -41,30 +27,31 @@ let sandboxInfo = joinPath(sandboxPath, "info")
createDir(sandboxFiles) createDir(sandboxFiles)
var bwrap = BwrapCall() var call = BwrapCall()
for bMount in ["/sys"]: call.addArg("--bind", sandboxFiles, getHomeDir())
bwrap.addMount("--bind", bmount)
for roMount in ["/etc", "/var", "/usr", "/opt"]: for mount in ["/sys"]:
bwrap.addMount("--ro-bind", roMount) call.addMount("--bind", mount)
bwrap.addMount("--dev-bind", "/dev") for mount in ["/etc", "/var", "/usr", "/opt", homePath(".oh-my-zsh"), homePath(".zsh"), homePath(".zshrc")]:
bwrap.addArg("--bind", sandboxFiles, getHomeDir()) call.addMount("--ro-bind", mount)
bwrap.addArg("--dir", "/tmp")
bwrap.addArg("--symlink", "usr/lib", "/lib")
bwrap.addArg("--symlink", "usr/lib64", "/lib64")
bwrap.addArg("--symlink", "usr/bin", "/bin")
bwrap.addArg("--symlink", "usr/sbin", "/sbin")
bwrap.addArg("--proc", "/proc")
bwrap.addArg("--unshare-all")
bwrap.addArg("--share-net")
bwrap.addArg("--die-with-parent")
bwrap.addArg("--hostname", name)
bwrap.addArg("--chdir", getHomeDir())
bwrap.addArg(command)
bwrap.exec() call
.addMount("--dev-bind", "/dev")
.addArg("--dir", "/tmp")
.addArg("--symlink", "usr/lib", "/lib")
.addArg("--symlink", "usr/lib64", "/lib64")
.addArg("--symlink", "usr/bin", "/bin")
.addArg("--symlink", "usr/sbin", "/sbin")
.addArg("--proc", "/proc")
.addArg("--unshare-all")
.addArg("--share-net")
.addArg("--die-with-parent")
.addArg("--hostname", name)
.addArg("--chdir", getHomeDir())
.addArg(command)
.exec()
#[ #[
(exec bwrap --bind $sandbox_files $HOME \ (exec bwrap --bind $sandbox_files $HOME \