View paste I6SQ

New paste Repaste Download

	`#!/bin/sh`

	`MODE="normal"`
	`SESSION="$(id -un)"`
	`INTERNET_ACCESS=""`

	`# -------------- Argument Parsing --------------`

	`while [ $# -gt 0 ]; do`
	`case "$1" in`

	`--mode)`
	`MODE="$2"`
	`shift 2`
	`;;`

	`--session-name)`
	`SESSION="$2"`
	`shift 2`
	`;;`

	`--internet-access)`
	`if [ $2 == 1 \|\| $2 == "yes" \|\| $2 == "y" ]; then`
	`$INTERNET_ACCESS = ""`
	`shift 2`
	`elif [ $2 == 0 \|\| $2 == "no" \|\| $2 == "n" ]; then`
	`$INTERNET_ACCESS = " --unshare-net "`
	`else; then`
	`echo "Usage: --internet-access [ {1, yes, y} or {0, no, n} ]"`
	`exit 1`
	`fi`
	`;;`


	`--)`
	`shift`
	`break`
	`;;`

	`*)`
	`break`
	`;;`
	`esac`
	`done`

	`if [ $# -eq 0 ]; then`
	`echo "Usage: sandbox.sh [--mode MODE] [--session-name NAME] -- command [args...]"`
	`exit 1`
	`fi`

	`USER="$(id -un)"`
	`HOME_REAL="$HOME"`
	`RUNTIME="$XDG_RUNTIME_DIR"`
	`SANDBOX_BASE="$HOME_READ/.sandbox"`
	`EXPORT_DIR="$SANDBOX_BASE/export"`

	`BASE_SYSTEM="`
	`--ro-bind /usr /usr`
	`--ro-bind /bin /bin`
	`--ro-bind /sbin /sbin`
	`--ro-bind /lib /lib`
	`--ro-bind /lib64 /lib64`
	`--ro-bind /etc /etc`
	`--proc /proc`
	`--dev /dev`
	`"`

	`# -------------- Modes --------------`

	`case "$MODE" in`

	`normal)`
	`exec "$@"`
	`;;`

	`contained)`
	`SANDBOX_HOME="$SANDBOX_BASE/contained/$SESSION"`

	`mkdir -p "$SANDBOX_HOME"/.config`
	`mkdir -p "$SANDBOX_HOME"/.local/share`
	`mkdir -p "$SANDBOX_HOME"/.cache`
	`mkdir -p "EXPORT_DIR"`

	`exec bwrap \`
	`--unshare-all \`
	`--new-session \`
	`$BASE_SYSTEM \`
	`--bind "$SANDBOX_HOME" /home/$USER \`
	`--setenv HOME /home/$USER \`
	`--setenv USER "$USER" \`
	`--setenv LOGNAME "$USER" \`
	`--setenv XDG_CONFIG_HOME /home/$USER/.config \`
	`--setenv XDG_DATA_HOME /home/$USER/.local/share \`
	`--setenv XDG_CACHE_HOME /home/$USER/.cache \`
	`--setenv XDG_RUNTIME_DIR "$RUNTIME" \`
	`$INTERNET_ACCESS \`
	`--bind "$RUNTIME" "$RUNTIME" \`
	`--bind "$EXPORT_DIR" /export \`
	`"$@"`
	`;;`

	`volatile)`

	`mkdir -p "$EXPORT_DIR"`

	`exec bwrap \`
	`--unshare-all \`
	`--new-session \`
	`$BASE_SYSTEM \`
	`--tmpfs /home \`
	`--dir /home/$USER \`
	`--setenv HOME /home/$USER \`
	`--setenv USER "$USER" \`
	`--setenv LOGNAME "$USER" \`
	`--setenv XDG_CONFIG_HOME /home/$USER/.config \`
	`--setenv XDG_DATA_HOME /home/$USER/.local/share \`
	`--setenv XDG_CACHE_HOME /home/$USER/.cache \`
	`--setenv XDG_RUNTIME_DIR "$RUNTIME" \`
	`$INTERNET_ACCESS \`
	`--bind "$RUNTIME" "$RUNTIME" \`
	`--bind "$EXPORT_DIR" /export \`
	`"$@"`
	`;;`

	`*)`
	`echo "Unknown mode: '$MODE'"`
	`exit 1`
	`;;`
	`esac`

#!/bin/sh

MODE="normal"
SESSION="$(id -un)"
INTERNET_ACCESS=""

# -------------- Argument Parsing --------------

while [ $# -gt 0 ]; do
	case "$1" in
	
	--mode)
		MODE="$2"
		shift 2
		;;

--session-name)
		SESSION="$2"
		shift 2
		;;
	
	--internet-access)
		if [ $2 == 1 || $2 == "yes" || $2 == "y" ]; then
			$INTERNET_ACCESS = ""
			shift 2
		elif [ $2 == 0 || $2 == "no" || $2 == "n" ]; then
			$INTERNET_ACCESS = " --unshare-net "
		else; then
			echo "Usage: --internet-access [ {1, yes, y} or {0, no, n} ]"
			exit 1
		fi
		;;
			
	
	--)
		shift
		break
		;;
	
	*)
		break
		;;
	esac
done

if [ $# -eq 0 ]; then
	echo "Usage: sandbox.sh [--mode MODE] [--session-name NAME] -- command [args...]"
	exit 1
fi

USER="$(id -un)"
HOME_REAL="$HOME"
RUNTIME="$XDG_RUNTIME_DIR"
SANDBOX_BASE="$HOME_READ/.sandbox"
EXPORT_DIR="$SANDBOX_BASE/export"

BASE_SYSTEM="
	--ro-bind /usr /usr
	--ro-bind /bin /bin
	--ro-bind /sbin /sbin
	--ro-bind /lib /lib
	--ro-bind /lib64 /lib64
	--ro-bind /etc /etc
	--proc /proc
	--dev /dev
"

# -------------- Modes --------------

case "$MODE" in

normal)
	exec "$@"
	;;

contained)
	SANDBOX_HOME="$SANDBOX_BASE/contained/$SESSION"

mkdir -p "$SANDBOX_HOME"/.config
	mkdir -p "$SANDBOX_HOME"/.local/share
	mkdir -p "$SANDBOX_HOME"/.cache
	mkdir -p "EXPORT_DIR"

exec bwrap \
		--unshare-all \
		--new-session \
		$BASE_SYSTEM \
		--bind "$SANDBOX_HOME" /home/$USER \
		--setenv HOME /home/$USER \
		--setenv USER "$USER" \
		--setenv LOGNAME "$USER" \
		--setenv XDG_CONFIG_HOME /home/$USER/.config \
		--setenv XDG_DATA_HOME /home/$USER/.local/share \
		--setenv XDG_CACHE_HOME /home/$USER/.cache \
		--setenv XDG_RUNTIME_DIR "$RUNTIME" \
		$INTERNET_ACCESS \
		--bind "$RUNTIME" "$RUNTIME" \
		--bind "$EXPORT_DIR" /export \
		"$@"
	;;

volatile)
	
	mkdir -p "$EXPORT_DIR"

exec bwrap \
		--unshare-all \
		--new-session \
		$BASE_SYSTEM \
		--tmpfs /home \
		--dir /home/$USER \
		--setenv HOME /home/$USER \
		--setenv USER "$USER" \
		--setenv LOGNAME "$USER" \
		--setenv XDG_CONFIG_HOME /home/$USER/.config \
		--setenv XDG_DATA_HOME /home/$USER/.local/share \
		--setenv XDG_CACHE_HOME /home/$USER/.cache \
		--setenv XDG_RUNTIME_DIR "$RUNTIME" \
		$INTERNET_ACCESS \
		--bind "$RUNTIME" "$RUNTIME" \
		--bind "$EXPORT_DIR" /export \
		"$@"
	;;

*)
	echo "Unknown mode: '$MODE'"
	exit 1
	;;
esac

Filename: bucket.sh. Size: 2kb. View raw, , hex, or download this file.

This paste expires on 2026-02-25 21:30:56.575512+00:00. Pasted through v1-api.

Are you sure you'd like to remove this file?