Class: Bwrap::Args::Bind

Inherits:
Object
  • Object
Includes:
Execution, Output
Defined in:
lib/bwrap/args/bind.rb,
lib/bwrap/args/bind/device.rb,
lib/bwrap/args/bind/library.rb

Overview

Bind arguments for bwrap.

Defined Under Namespace

Classes: Device, Library

Instance Attribute Summary

Instance Method Summary

Methods included from Output

debug?, debug_output, error_output, handle_output_options, info_output, quiet?, trace?, trace_output, verb_output, verbose?, warn_output

Methods included from Execution

do_execute, last_status, popen2e

Instance Attribute Details

#args=(value) ⇒ Object (writeonly)

Array of parameters passed to bwrap.



# File 'lib/bwrap/args/bind.rb', line 15

# Injects the argument collection that this class appends bind options to.
#
# bind_home_directory and custom_read_only_binds call +add+ on the stored
# object with a Symbol key and an Array of bwrap option strings, and
# device_binds hands the same object to Bind::Device, so the value must
# support that call.
#
# @param value [#add] collection of bwrap arguments being built
# @return [Object] the assigned value
def args=(value)
  @args = value
end

#config=(value) ⇒ Object (writeonly)

Instance of Config.



# File 'lib/bwrap/args/bind.rb', line 18

# Injects the sandbox configuration consulted by the bind methods.
#
# Methods of this class read +user+, +sandbox_directory+, +ro_binds+,
# +full_system_mounts+ and +binaries_from+ from it. bind_home_directory,
# custom_read_only_binds and handle_system_mounts add nothing when no
# configuration has been assigned.
#
# @param value [Object] configuration object (documented as a Config instance)
# @return [Object] the assigned value
def config=(value)
  @config = value
end

#environment=(value) ⇒ Object (writeonly)

Instance of Environment.



# File 'lib/bwrap/args/bind.rb', line 21

# Injects the environment object (documented as an Environment instance).
#
# bind_home_directory writes the sandbox-side HOME into it through +[]=+
# and does not check for nil, so assign this before calling that method.
#
# @param value [#[]=] environment store; presumably the variables handed to
#   the sandboxed command -- confirm against Environment
# @return [Object] the assigned value
def environment=(value)
  @environment = value
end

#executable=(value) ⇒ Object (writeonly)

Instance of Resolvers::Executable.



# File 'lib/bwrap/args/bind.rb', line 24

# Injects the executable resolver (documented as a Resolvers::Executable
# instance).
#
# NOTE(review): the public methods of this class do not read @executable
# themselves; presumably the private library-bind construction consumes
# it -- confirm.
#
# @param value [Object] resolver for the command being sandboxed
# @return [Object] the assigned value
def executable=(value)
  @executable = value
end

Instance Method Details

#bind_home_directory ⇒ Object

Note:

Requires @config.user to be set.

Arguments to bind the home directory from the sandbox directory (`#{@config.sandbox_directory}/home`) as `/home/#{@config.user}`.



# File 'lib/bwrap/args/bind.rb', line 30

# Adds the bwrap arguments that bind "<sandbox_directory>/home" from the
# host as /home/<user> inside the sandbox, and sets HOME to that path in
# the environment object.
#
# Does nothing when no configuration or no user is set. The host-side
# directory is never created here; it must already exist.
#
# NOTE(review): @config.user and @config.sandbox_directory are interpolated
# into both paths without validation. A user value containing "/" or ".."
# would change which sandbox path receives the writable bind, so validate
# these upstream if they can originate outside the application -- confirm.
#
# @raise [RuntimeError] when "<sandbox_directory>/home" is not an existing
#   directory
# @return [Object, nil] result of @args.add, or nil when skipped
def bind_home_directory
  user = @config&.user
  return unless user

  sandbox_home = "#{@config.sandbox_directory}/home"

  home_present = Dir.exist?(sandbox_home)
  raise "Home directory #{sandbox_home} does not exist. You need to create it yourself." unless home_present

  @environment["HOME"] = "/home/#{user}"

  debug "Using #{sandbox_home} as /home/#{user}"
  # --bind rather than --ro-bind: the sandboxed process can write here.
  @args.add :home_directory, ["--bind", sandbox_home, "/home/#{user}"]
end

#cleanup ⇒ Object

Performs cleanup operations after execution.



# File 'lib/bwrap/args/bind.rb', line 96

# Post-execution cleanup: clears the needed-libraries cache kept at class
# level by Bwrap::Resolvers::Library.
#
# NOTE(review): the cache lives on the resolver class, so presumably it is
# shared by every Bind instance in the process -- confirm before relying on
# it across concurrent sandbox runs.
#
# @return [Object] whatever clear_needed_libraries_cache returns
def cleanup
  library_resolver = Bwrap::Resolvers::Library
  library_resolver.clear_needed_libraries_cache
end

#custom_read_only_binds ⇒ Object

Custom `--ro-bind` binds that the user can specify.



# File 'lib/bwrap/args/bind.rb', line 84

# Adds one "--ro-bind SOURCE DEST" triple to the bwrap arguments for every
# entry of @config.ro_binds.
#
# Both paths are converted with +to_s+ and passed as separate argument
# strings. Nothing is added when there is no configuration, no ro_binds
# value, or ro_binds is empty.
#
# NOTE(review): paths are taken as configured, with no validation or
# allow-list here. Every source becomes readable inside the sandbox, so the
# configuration alone decides what host data is exposed.
#
# @return [Object, nil] result of @args.add, or nil when nothing was added
def custom_read_only_binds
  return unless @config&.ro_binds

  ro_bind_args = []
  @config.ro_binds.each do |host_path, sandbox_path|
    ro_bind_args.push("--ro-bind", host_path.to_s, sandbox_path.to_s)
  end
  return if ro_bind_args.empty?

  @args.add :custom_ro_binds, ro_bind_args
end

#device_binds ⇒ Object



# File 'lib/bwrap/args/bind.rb', line 73

# Delegates device-related arguments to a fresh Bind::Device that shares
# this object's argument collection and configuration.
#
# The four steps run in a fixed order: dev_mount, bind_dev_dri,
# bind_sys_dev_char, bind_pci_devices.
#
# NOTE(review): judging by the method names these steps expose host device
# nodes (DRI, character devices, PCI) to the sandbox. Whether each one is
# conditional on configuration is decided inside Bind::Device, not here --
# confirm there before treating the sandbox as device-isolated.
#
# @return [Object] whatever Device#bind_pci_devices returns
def device_binds
  device_binder = Bwrap::Args::Bind::Device.new(@args)
  device_binder.config = @config

  device_binder.dev_mount
  device_binder.bind_dev_dri
  device_binder.bind_sys_dev_char
  device_binder.bind_pci_devices
end

#handle_given_command ⇒ Object

Handle command passed to Bwrap#run.

Allows subsequent actions to utilize the command.



# File 'lib/bwrap/args/bind.rb', line 48

# Prepares the library bind helper and, depending on configuration, lets it
# process the command passed to Bwrap#run.
#
# construct_library_bind always runs. The helper's handle_given_command runs
# when there is no configuration at all, or when
# @config.full_system_mounts is truthy.
#
# NOTE(review): as written, the helper is skipped when full_system_mounts is
# falsy and runs when it is truthy. Confirm that this polarity is intended;
# the open question below reads as if skipping were meant for the case where
# the whole system is already mounted.
#
# @return [Object, nil] result of the helper's handle_given_command, or nil
#   when it was skipped
def handle_given_command
  construct_library_bind

  # Open question from the author: it is not certain that skipping is a good
  # idea. Maybe only the dependent libraries should be skipped while the
  # executable itself is still checked, or maybe the data should always be
  # calculated and excluded later in Construct#bwrap_arguments.
  library_pass_wanted = !@config || @config.full_system_mounts
  return unless library_pass_wanted

  @library_bind.handle_given_command
end

#handle_system_mounts ⇒ Object

Arguments to read-only bind whole system inside sandbox.



# File 'lib/bwrap/args/bind.rb', line 62

# Adds the system-wide mounts, documented upstream as read-only binds of the
# host system into the sandbox.
#
# Skipped entirely unless @config.binaries_from is set. Otherwise runs, in
# order: bindir_mounts, libdir_mounts, binds_for_features, and then the
# library bind helper's binds_for_features and extra_executables_mounts.
#
# NOTE(review): @library_bind is used without a nil check, so
# handle_given_command (which calls construct_library_bind) presumably has
# to run first -- confirm. Which host paths end up visible in the sandbox
# is decided in the helpers called here, not in this method.
#
# @return [Object, nil] result of extra_executables_mounts, or nil when
#   skipped
def handle_system_mounts
  return unless @config&.binaries_from

  bindir_mounts
  libdir_mounts
  binds_for_features

  library_bind = @library_bind
  library_bind.binds_for_features
  library_bind.extra_executables_mounts
end