Commit 40dd04af authored by Florian Meißner's avatar Florian Meißner

add keepass-diff wrapper (w/o networking and only first two parameters bound R/O into jail)

parent 27a23148
#!/usr/bin/env fish
# https://github.com/containers/bubblewrap/blob/main/demos/bubblewrap-shell.sh
[ (count $argv) -ge 2 ] || begin; echo Atleast '<db1> <db2>' required; return; end;
exec bwrap --ro-bind /usr /usr \
--dir /tmp \
--dir /var \
--symlink ../tmp var/tmp \
--proc /proc \
--dev /dev \
#
# no networking wanted
# --ro-bind /etc/resolv.conf /etc/resolv.conf \
#
--symlink usr/lib /lib \
--symlink usr/lib64 /lib64 \
--symlink usr/bin /bin \
--symlink usr/sbin /sbin \
# --chdir / \
--unshare-all \
#
# no networking wanted
# --share-net \
#
--die-with-parent \
--dir /run/user/$(id -u) \
--setenv XDG_RUNTIME_DIR "/run/user/`id -u`" \
--setenv PS1 "bwrap-demo\$ " \
--chdir /run/user/$(id -u) \
--file 11 /etc/passwd \
--file 12 /etc/group \
11<(getent passwd $UID 65534 | psub) \
12<(getent group (id -g) 65534 | psub) \
#
#
#############
# new stuff #
#############
#
# get executable
--ro-bind ~/software/keepass-diff/target/release/keepass-diff /keepass-diff \
#
# get dbs into runtime dir r/o, rename to avoid collisions
--ro-bind $argv[1] /run/user/$(id -u)/left_(basename $argv[1]) \
--ro-bind $argv[2] /run/user/$(id -u)/right_(basename $argv[2]) \
#
# execute keepass-diff w/ modified paths
/keepass-diff left_(basename $argv[1]) right_(basename $argv[2]) $argv[3..]
#
######
#
# shell for testing
--setenv argv "$argv" -- fish
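Review bot: Two bash-isms carried over from the upstream demo do not behave the same under fish. On the `--setenv XDG_RUNTIME_DIR` line the backquotes around id -u are literal characters in fish, so the variable receives that text rather than the uid; `--setenv XDG_RUNTIME_DIR "/run/user/$(id -u)" \` would match the neighbouring `--dir` and `--chdir` lines. `$UID` on the `getent passwd` line is a bash variable that fish does not normally define, so the generated /etc/passwd probably lacks the calling user; `(id -u)` would be consistent with the `(id -g)` used for the group file. Separately, bwrap is invoked without `--new-session`, which the bubblewrap documentation recommends against terminal input injection (TIOCSTI) from the sandboxed process; check that keepass-diff's password prompt still works with it before adding. The final `--setenv argv "$argv" -- fish` line sits after the end of the `exec` command, so it is never reached and would be clearer commented out.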