bunpen: parse net CLI switches

2024-09-19 23:35:05 +00:00
parent 381641b2db
commit bf53ab1cb1


@@ -24,6 +24,10 @@ export type cli_opts = struct {
paths: []str,
run_paths: []str,
try_keep_users: bool,
net_dev: (void | str),
net_gateway: (void | str),
dns: (void | str),
};
export fn usage() void = {
@@ -60,6 +64,12 @@ export fn usage() void = {
fmt::println(" allow access to the host <path>, relative to HOME")!;
fmt::println(" --bunpen-run-path <path>")!;
fmt::println(" allow access to the host <path>, relative to XDG_RUNTIME_DIR")!;
fmt::println("")!;
fmt::println("net proxy settings (typical invocation specifies either ALL or NONE of these):")!;
fmt::println(" --bunpen-net-dev <iface>")!;
fmt::println(" --bunpen-net-gateway <ip-address>")!;
fmt::println(" --bunpen-dns <server>")!;
fmt::println("")!;
fmt::println("the following environment variables are also considered and propagated to children:")!;
fmt::println(" BUNPEN_DEBUG=n")!;
fmt::println(" equivalent to `--bunpen-debug=n`")!;
@@ -82,9 +92,6 @@ export fn usage() void = {
// fmt::println(" show what would be `exec`uted but do not perform any action")!;
// fmt::println(" --bunpen-method <bwrap|capshonly|pastaonly|landlock|none>")!;
// fmt::println(" use a specific sandboxer")!;
// fmt::println(" --bunpen-net-dev <iface>|all")!;
// fmt::println(" --bunpen-net-gateway <ip-address>")!;
// fmt::println(" --bunpen-dns <server>|host")!;
// fmt::println(" --bunpen-keep-namespace <all|cgroup|ipc|net|pid|uts>")!;
// fmt::println(" do not unshare the provided linux namespace")!;
// fmt::println(" BUNPEN_PREPEND=...")!;
@@ -92,7 +99,7 @@ export fn usage() void = {
};
export fn parse_args(args: []str) (cli_opts | errors::invalid) = {
let parsed = cli_opts { autodetect = void, ... };
let parsed = cli_opts { autodetect = void, net_dev = void, net_gateway = void, dns = void, ... };
match (os::getenv("BUNPEN_DISABLE")) {
case let d: str => parsed.disable = d;
@@ -146,12 +153,15 @@ fn parse_args_into(parsed: *cli_opts, args: []str) (void | errors::invalid) = {
case "--bunpen-debug=2" => parsed.debug = 2;
case "--bunpen-debug=3" => parsed.debug = 3;
case "--bunpen-debug=4" => parsed.debug = 4;
case "--bunpen-dns" => idx += 1; parsed.dns = expect_arg("--bunpen-dns", next)?;
case "--bunpen-drop-shell" => parsed.drop_shell = true;
case "--bunpen-help" => parsed.help = true;
case "--bunpen-home-path" => idx += 1; append(parsed.home_paths, expect_arg("--bunpen-home-path", next)?);
case "--bunpen-keep-ipc" => parsed.keep_ipc = true;
case "--bunpen-keep-net" => parsed.keep_net = true;
case "--bunpen-keep-pid" => parsed.keep_pid = true;
case "--bunpen-net-dev" => idx += 1; parsed.net_dev = expect_arg("--bunpen-net-dev", next)?;
case "--bunpen-net-gateway" => idx += 1; parsed.net_gateway = expect_arg("--bunpen-net-gateway", next)?;
case "--bunpen-path" => idx += 1; append(parsed.paths, expect_arg("--bunpen-path", next)?);
case "--bunpen-run-path" => idx += 1; append(parsed.run_paths, expect_arg("--bunpen-run-path", next)?);
case "--bunpen-try-keep-users" => parsed.try_keep_users = true;
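Review bot: The three new cases for `--bunpen-dns`, `--bunpen-net-dev` and `--bunpen-net-gateway` each store their value independently, so a command line that sets only one or two of them parses cleanly even though the usage text says a typical invocation gives all or none. For a sandboxer, what a partial set does to the child's network should be explicit rather than left to whatever consumes `cli_opts`; if partial sets are not meant to be supported, a check after parsing such as `if ((parsed.net_dev is void) != (parsed.net_gateway is void) || (parsed.net_dev is void) != (parsed.dns is void)) return errors::invalid;` would reject them up front. The values are also kept as raw strings, so whether `<ip-address>` and `<server>` are validated before use, and how these switches interact with `--bunpen-keep-net`, cannot be seen from this hunk and presumably happens later. `parse_args_into` starts and ends outside the hunk.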