colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

bunpen: implement --bunpen-path cli arg

Browse Source
This commit is contained in:
Colin
2024-08-23 12:30:03 +00:00
parent 7a4a7d613b
commit 7d097474a3
2 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
pkgs/additional/bunpen/config/cli.ha
View File

@@ -1,13 +1,15 @@
// vim: set shiftwidth=2 : // vim: set shiftwidth=2 :
use fmt; use fmt;
use os;
export type cli_opts = struct { export type cli_opts = struct {
// command to `exec` within the sandbox // command to `exec` within the sandbox
cmd: []str, cmd: []str,
// `--bunpen-help`
help: bool,
// `--bunpen-debug` // `--bunpen-debug`
debug: bool, debug: bool,
// `--bunpen-help`
help: bool,
paths: []str,
}; };
export fn usage() void = { export fn usage() void = {
@@ -47,9 +49,9 @@ export fn usage() void = {
// fmt::println(" --bunpen-dns <server>|host")!; // fmt::println(" --bunpen-dns <server>|host")!;
// fmt::println(" --bunpen-keep-namespace <all|cgroup|ipc|net|pid|uts>")!; // fmt::println(" --bunpen-keep-namespace <all|cgroup|ipc|net|pid|uts>")!;
// fmt::println(" do not unshare the provided linux namespace")!; // fmt::println(" do not unshare the provided linux namespace")!;
// fmt::println(" --bunpen-path <path>")!; fmt::println(" --bunpen-path <path>")!;
// fmt::println(" allow access to the host <path> within the sandbox")!; fmt::println(" allow access to the host <path> within the sandbox")!;
// fmt::println(" path is interpreted relative to the working directory if not absolute")!; fmt::println(" path is interpreted relative to the working directory if not absolute")!;
// fmt::println(" --bunpen-home-path <path>")!; // fmt::println(" --bunpen-home-path <path>")!;
// fmt::println(" allow access to the host <path>, relative to HOME")!; // fmt::println(" allow access to the host <path>, relative to HOME")!;
// fmt::println(" --bunpen-run-path <path>")!; // fmt::println(" --bunpen-run-path <path>")!;
@@ -71,13 +73,26 @@ export fn usage() void = {
export fn parse_args(args: []str) cli_opts = { export fn parse_args(args: []str) cli_opts = {
let parsed = cli_opts { ... }; let parsed = cli_opts { ... };
for (let arg .. args) { for (let idx: size = 0; idx < len(args); idx += 1) {
let arg = args[idx];
let next: nullable *str = null;
if (idx + 1 < len(args)) {
next = &args[idx+1];
};
switch (arg) { switch (arg) {
case "--bunpen-help" => parsed.help = true; case "--bunpen-help" => parsed.help = true;
case "--bunpen-debug" => parsed.debug = true; case "--bunpen-debug" => parsed.debug = true;
case "--bunpen-path" => idx += 1; append(parsed.paths, expect_arg("--bunpen-path", next));
case => append(parsed.cmd, arg); case => append(parsed.cmd, arg);
}; };
}; };
return parsed; return parsed;
}; };
fn expect_arg(name: str, value: nullable *str) str = {
match (value) {
case null => usage(); os::exit(1);
case let v: *str => return *v;
};
};

2
pkgs/additional/bunpen/main.ha
View File

@@ -31,7 +31,7 @@ export fn main() void = {
}; };
let what = restrict::resources { let what = restrict::resources {
paths = ["/"], paths = opts.paths,
net = false, net = false,
}; };