6c65e4b313
sane-sandboxed: be a little more careful with out vars
2024-05-13 04:00:15 +00:00
bd3e06982b
sane-sandboxed: tweak symlink caching to allow /run/current-system to be bind-mounted instead of symlinked
2024-05-13 02:11:47 +00:00
660ba94c7c
sane-sandboxed: introduce a symlink cache to reduce readlink
calls even more
...
it's all a bit silly. i still do a bunch of -L tests: i just avoid the costly readlink fork :|
2024-05-13 01:31:30 +00:00
11ddce043d
sane-sandboxed: reduce forking (use out vars)
2024-05-12 22:35:05 +00:00
980fe6b33c
sane-sandboxed: use local
where applicable
2024-05-12 22:15:34 +00:00
d827235d31
sane-sandboxed: be more strict internally about keeping paths
var as absolute-paths
2024-05-12 21:44:33 +00:00
f7a25d1421
sane-sandboxed: bwrap: expose symlinks to the sandbox directly, instead of binding
...
some things (e.g. `sane-open`) require the symlink, and lose too much
info when working only with the bind. having the sandboxed environment
stay similar to the out env sould make debugging things simpler
2024-05-12 21:42:31 +00:00
d148b19767
sane-sandboxed: expand symlinks before binding them into the sandbox
2024-05-12 21:41:49 +00:00
0385c09f23
sane-sandboxed: split out into an actual package
2024-04-15 18:57:22 +00:00