programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting
This commit is contained in:
parent
79e2bd2913
commit
7f002b8718
|
@ -8,6 +8,7 @@ autodetect=
|
|||
profilesNamed=()
|
||||
rootPaths=()
|
||||
homePaths=()
|
||||
capabilities=()
|
||||
net=
|
||||
dns=()
|
||||
method=
|
||||
|
@ -116,6 +117,11 @@ parseArgs() {
|
|||
# e.g. first drop to the broadest path set of interest (Music,Videos,tmp, ...), then drop via autodetect.
|
||||
autodetect=1
|
||||
;;
|
||||
(--sane-sandbox-cap)
|
||||
_cap="$1"
|
||||
shift
|
||||
capabilities+=("$_cap")
|
||||
;;
|
||||
(--sane-sandbox-dns)
|
||||
# N.B.: these named temporary variables ensure that `set -x` causes $1 to be printed
|
||||
_dns="$1"
|
||||
|
@ -221,6 +227,9 @@ bwrapIngestHomePath() {
|
|||
bwrapIngestProfile() {
|
||||
debug "bwrap doesn't implement profiles"
|
||||
}
|
||||
bwrapIngestCapability() {
|
||||
bwrapFlags+=("--cap-add" "cap_$1")
|
||||
}
|
||||
# WIP
|
||||
|
||||
bwrapExec() {
|
||||
|
@ -257,6 +266,10 @@ if [ -n "$autodetect" ]; then
|
|||
done
|
||||
fi
|
||||
|
||||
for _cap in "${capabilities[@]}"; do
|
||||
"$method"IngestCapability "$_cap"
|
||||
done
|
||||
|
||||
if [ -n "$net" ]; then
|
||||
"$method"IngestNet "$net"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue
Block a user