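#!/bin/sh
# bwrap-oc: Run just prep-oc in a bubblewrap sandbox
# ================================================
#
# This script runs `just prep-oc` inside a bubblewrap (bwrap) sandbox.
#
# Usage:
#   ./bwrap-oc
#
# - Adjust the bind mounts below as needed to make `just prep-oc` work.
# - Inspired by https://github.com/9001/copyparty/blob/refs/heads/hovudstraum/bin/bubbleparty.sh
#
# What the sandbox isolates, and what it does not:
# - /usr, /bin, /lib, /lib64 and /etc/resolv.conf are mounted read-only.
# - The current directory and the WHOLE of $HOME are mounted read-write, so
#   the sandboxed process can read and modify anything stored under $HOME
#   (for example keys, tokens and shell start-up files). This is broader than
#   "minimal"; narrow it to the directories `just prep-oc` really needs.
# - The host /dev is passed through with --dev-bind.
# - --share-net re-enables networking after --unshare-all, so the sandboxed
#   process has the host's network access.
# - NOTE(review): the sandbox keeps the caller's controlling terminal. bwrap's
#   --new-session option detaches it; it is not enabled here because it may
#   affect interactive use of the recipe. Evaluate before relying on this
#   script to contain untrusted code.
#
# AGENT-NOTE: CRITICAL FEATURES TO MAINTAIN
# 1. IDEMPOTENT: Multiple runs must produce identical results
# 2. ERROR HANDLING: Graceful degradation for missing data
# 3. BUILD INTEGRATION: Validates syntax after processing
# 4. DETERMINISTIC: Sorted processing ensures consistent output
# NOTE(review): none of the four items above is implemented in this file;
# presumably they describe `just prep-oc` itself. Confirm against the recipe.

# Fail early with a clear message instead of handing bwrap an empty bind path.
: "${HOME:?HOME must be set so it can be bound into the sandbox}"
CWD=$(pwd) || exit 1

# The bwrap options are collected in "$@" so that each group can carry a
# comment. The script takes no arguments of its own, so nothing is discarded.
# bwrap applies its options in order; keep the order when editing.

# Start from new namespaces for everything (network is re-shared further down).
set -- --unshare-all

# Read-only view of the system directories and the resolver configuration.
set -- "$@" \
  --ro-bind /usr /usr \
  --ro-bind /bin /bin \
  --ro-bind /lib /lib \
  --ro-bind /lib64 /lib64 \
  --ro-bind /etc/resolv.conf /etc/resolv.conf

# Host device nodes are exposed as-is.
set -- "$@" --dev-bind /dev /dev

# /tmp and /var are created as directories inside the sandbox rather than
# being bound from the host.
set -- "$@" --dir /tmp --dir /var

# Read-write binds: the working tree and the entire home directory.
set -- "$@" \
  --bind "$CWD" "$CWD" \
  --bind "$HOME" "$HOME"

# Keep network access; end the sandbox when the parent process dies.
set -- "$@" --share-net --die-with-parent

# Environment for the sandboxed process. USER and SHELL are passed through
# as-is and become empty strings when unset in the caller.
set -- "$@" \
  --setenv HOME "$HOME" \
  --setenv PATH "$PATH" \
  --setenv USER "$USER" \
  --setenv SHELL "$SHELL" \
  --setenv LANG "${LANG:-en_US.UTF-8}" \
  --setenv LC_ALL "${LC_ALL:-en_US.UTF-8}"

exec bwrap "$@" just prep-oc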