bunpen: implement --bunpen-path cli arg
This commit is contained in:
@@ -1,13 +1,15 @@
|
||||
// vim: set shiftwidth=2 :
|
||||
use fmt;
|
||||
use os;
|
||||
|
||||
export type cli_opts = struct {
|
||||
// command to `exec` within the sandbox
|
||||
cmd: []str,
|
||||
// `--bunpen-help`
|
||||
help: bool,
|
||||
// `--bunpen-debug`
|
||||
debug: bool,
|
||||
// `--bunpen-help`
|
||||
help: bool,
|
||||
paths: []str,
|
||||
};
|
||||
|
||||
export fn usage() void = {
|
||||
@@ -47,9 +49,9 @@ export fn usage() void = {
|
||||
// fmt::println(" --bunpen-dns <server>|host")!;
|
||||
// fmt::println(" --bunpen-keep-namespace <all|cgroup|ipc|net|pid|uts>")!;
|
||||
// fmt::println(" do not unshare the provided linux namespace")!;
|
||||
// fmt::println(" --bunpen-path <path>")!;
|
||||
// fmt::println(" allow access to the host <path> within the sandbox")!;
|
||||
// fmt::println(" path is interpreted relative to the working directory if not absolute")!;
|
||||
fmt::println(" --bunpen-path <path>")!;
|
||||
fmt::println(" allow access to the host <path> within the sandbox")!;
|
||||
fmt::println(" path is interpreted relative to the working directory if not absolute")!;
|
||||
// fmt::println(" --bunpen-home-path <path>")!;
|
||||
// fmt::println(" allow access to the host <path>, relative to HOME")!;
|
||||
// fmt::println(" --bunpen-run-path <path>")!;
|
||||
@@ -71,13 +73,26 @@ export fn usage() void = {
|
||||
export fn parse_args(args: []str) cli_opts = {
|
||||
let parsed = cli_opts { ... };
|
||||
|
||||
for (let arg .. args) {
|
||||
for (let idx: size = 0; idx < len(args); idx += 1) {
|
||||
let arg = args[idx];
|
||||
let next: nullable *str = null;
|
||||
if (idx + 1 < len(args)) {
|
||||
next = &args[idx+1];
|
||||
};
|
||||
switch (arg) {
|
||||
case "--bunpen-help" => parsed.help = true;
|
||||
case "--bunpen-debug" => parsed.debug = true;
|
||||
case "--bunpen-path" => idx += 1; append(parsed.paths, expect_arg("--bunpen-path", next));
|
||||
case => append(parsed.cmd, arg);
|
||||
};
|
||||
};
|
||||
|
||||
return parsed;
|
||||
};
|
||||
|
||||
fn expect_arg(name: str, value: nullable *str) str = {
|
||||
match (value) {
|
||||
case null => usage(); os::exit(1);
|
||||
case let v: *str => return *v;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -31,7 +31,7 @@ export fn main() void = {
|
||||
};
|
||||
|
||||
let what = restrict::resources {
|
||||
paths = ["/"],
|
||||
paths = opts.paths,
|
||||
net = false,
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user