sane-sandboxed: add a help message
This commit is contained in:
@@ -80,6 +80,56 @@ profilesNamed=()
|
||||
firejailFlags=()
|
||||
bwrapFlags=()
|
||||
|
||||
usage() {
|
||||
echo 'sane-sandboxed: run a program inside a sandbox'
|
||||
echo 'USAGE: sane-sandboxed [sandbox-arg ...] program [sandbox-arg|program-arg ...] [--] [program-arg ...]'
|
||||
echo ''
|
||||
echo 'sandbox args and program args may be intermixed, but the first `--` anywhere signals the end of the sandbox args and the start of program args'
|
||||
echo
|
||||
echo 'sandbox args:'
|
||||
echo ' --sane-sandbox-help'
|
||||
echo ' show this message'
|
||||
echo ' --sane-sandbox-debug'
|
||||
echo ' print debug messages to stderr'
|
||||
echo ' --sane-sandbox-replace-cli <bin>'
|
||||
echo ' invoke <bin> under the sandbox instead of any program previously listed'
|
||||
echo ' also clears and earlier arguments intended for the program'
|
||||
echo ' --sane-sandbox-disable'
|
||||
echo ' invoke the program directly, instead of inside a sandbox'
|
||||
echo ' --sane-sandbox-dry-run'
|
||||
echo ' show what would be `exec`uted but do not perform any action'
|
||||
echo ' --sane-sandbox-method <bwrap|capshonly|firejail|landlock|none>'
|
||||
echo ' use a specific sandboxer'
|
||||
echo ' --sane-sandbox-autodetect <existing|existingFile|existingFileOrParent|existingOrParent|parent>'
|
||||
echo ' add files which appear later as CLI arguments into the sandbox'
|
||||
echo ' --sane-sandbox-cap <sys_admin|sys_net|...>'
|
||||
echo ' allow the sandboxed program to use the provided linux capability (both inside and outside the sandbox)'
|
||||
echo ' --sane-sandbox-portal'
|
||||
echo ' set environment variables so that the sandboxed program will attempt to use xdg-desktop-portal for operations like opening files'
|
||||
echo ' --sane-sandbox-dns <server>'
|
||||
echo ' --sane-sandbox-firejail-arg <arg>'
|
||||
echo ' --sane-sandbox-bwrap-arg <arg>'
|
||||
echo ' --sane-sandbox-net <iface>'
|
||||
echo ' --sane-sandbox-keep-namespace <cgroup|ipc|pid|uts|all>'
|
||||
echo ' do not unshare the provided linux namespace'
|
||||
echo ' --sane-sandbox-path <path>'
|
||||
echo ' allow access to the host <path> within the sandbox'
|
||||
echo ' --sane-sandbox-add-pwd'
|
||||
echo ' shorthand for `--sane-sandbox-path $PWD`'
|
||||
echo ' --sane-sandbox-profile <profile>'
|
||||
echo ' --sane-sandbox-profile-dir <dir>'
|
||||
echo
|
||||
echo 'the following environment variables are also considered and propagated to children:'
|
||||
echo ' SANE_SANDBOX_DISABLE=1'
|
||||
echo ' equivalent to `--sane-sandbox-disable`'
|
||||
echo ' SANE_SANDBOX_DEBUG=1'
|
||||
echo ' equivalent to `--sane-sandbox-debug`, but activates earlier'
|
||||
echo ' SANE_SANDBOX_PREPEND=...'
|
||||
echo ' act as though the provided arg string appeared at the start of the CLI'
|
||||
echo ' SANE_SANDBOX_APPEND=...'
|
||||
echo ' act as though the provided arg string appeared at the end of the CLI'
|
||||
}
|
||||
|
||||
|
||||
## UTILITIES/BOILERPLATE
|
||||
|
||||
@@ -300,6 +350,10 @@ parseArgs() {
|
||||
parseArgsExtra+=("$@")
|
||||
break
|
||||
;;
|
||||
(--sane-sandbox-help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
(--sane-sandbox-debug)
|
||||
enableDebug
|
||||
;;
|
||||
|
||||
Reference in New Issue
Block a user