View paste VF6A

New paste Repaste Download

	`#!/bin/sh`

	`# -------------- Default Settings --------------`

	`MODE="normal"`
	`SESSION="$(id -un)"`
	`INTERNET_ACCESS="yes"`

	`# -------------- Argument Parsing --------------`

	`while [ $# -gt 0 ]; do`
	`case "$1" in`

	`--mode)`
	`MODE="$2"`
	`shift 2`
	`;;`

	`--session-name)`
	`SESSION="$2"`
	`shift 2`
	`;;`

	`--internet-access)`
	`case "$2" in`
	`1\|yes\|y)`
	`$INTERNET_ACCESS="yes"`
	`;;`
	`0\|no\|n)`
	`$INTERNET_ACCESS="no"`
	`;;`
	`*)`
	`echo "Usage: --internet-access {1\|yes\|y or 0\|no\|n}"`
	`exit 1`
	`;;`
	`esac`
	`shift 2`
	`;;`

	`--offline)`
	`$INTERNET_ACCESS="no"`
	`shift 2`
	`;;`


	`--)`
	`shift`
	`break`
	`;;`

	`*)`
	`break`
	`;;`
	`esac`
	`done`

	`if [ $# -eq 0 ]; then`
	`echo "Usage: sandbox.sh [--mode MODE] [--session-name NAME] -- command [args...]"`
	`exit 1`
	`fi`

	`USER="$(id -un)"`
	`HOME_REAL="$HOME"`
	`RUNTIME="$XDG_RUNTIME_DIR"`
	`SANDBOX_BASE="$HOME_REAL/.sandbox"`
	`EXPORT_DIR="$SANDBOX_BASE/export"`

	`#Networming toggle`
	`if [ "$INTERNET_ACCESS" = "no" ]; then`
	`NET_FLAG="--unshare-net"`
	`fi`

	`BASE_SYSTEM="`
	`--ro-bind /usr /usr`
	`--ro-bind /bin /bin`
	`--ro-bind /sbin /sbin`
	`--ro-bind /lib /lib`
	`--ro-bind /lib64 /lib64`
	`--ro-bind /etc /etc`
	`--proc /proc`
	`--dev /dev`
	`"`
	`#--dev-bind /dev/null /dev/null`
	`#--dev-bind /dev/dri /dev/dri`

	`# -------------- Modes --------------`

	`case "$MODE" in`

	`normal)`
	`exec "$@"`
	`;;`

	`contained)`
	`SANDBOX_HOME="$SANDBOX_BASE/contained/$SESSION"`

	`mkdir -p "$SANDBOX_HOME"/.config`
	`mkdir -p "$SANDBOX_HOME"/.local/share`
	`mkdir -p "$SANDBOX_HOME"/.cache`
	`mkdir -p "$EXPORT_DIR"`

	`exec bwrap \`
	`--unshare-pid \`
	`--unshare-uts \`
	`--unshare-ipc \`
	`$NET_FLAG \`
	`--new-session \`
	`$BASE_SYSTEM \`
	`--bind "$SANDBOX_HOME" /home/$USER \`
	`--setenv HOME /home/$USER \`
	`--setenv USER "$USER" \`
	`--setenv LOGNAME "$USER" \`
	`--setenv XDG_CONFIG_HOME /home/$USER/.config \`
	`--setenv XDG_DATA_HOME /home/$USER/.local/share \`
	`--setenv XDG_CACHE_HOME /home/$USER/.cache \`
	`--setenv XDG_RUNTIME_DIR "$RUNTIME" \`
	`$INTERNET_ACCESS \`
	`--bind "$RUNTIME" "$RUNTIME" \`
	`--bind "$EXPORT_DIR" /export \`
	`"$@"`
	`;;`

	`volatile)`

	`mkdir -p "$EXPORT_DIR"`

	`exec bwrap \`
	`--unshare-pid \`
	`--unshare-uts \`
	`--unshare-ipc \`
	`$NET_FLAG \`
	`--new-session \`
	`$BASE_SYSTEM \`
	`--tmpfs /home \`
	`--dir /home/$USER \`
	`--setenv HOME /home/$USER \`
	`--setenv USER "$USER" \`
	`--setenv LOGNAME "$USER" \`
	`--setenv XDG_CONFIG_HOME /home/$USER/.config \`
	`--setenv XDG_DATA_HOME /home/$USER/.local/share \`
	`--setenv XDG_CACHE_HOME /home/$USER/.cache \`
	`--setenv XDG_RUNTIME_DIR "$RUNTIME" \`
	`$INTERNET_ACCESS \`
	`--bind "$RUNTIME" "$RUNTIME" \`
	`--bind "$EXPORT_DIR" /export \`
	`"$@"`
	`;;`

	`*)`
	`echo "Unknown mode: '$MODE'"`
	`exit 1`
	`;;`
	`esac`

#!/bin/sh

# -------------- Default Settings --------------

MODE="normal"
SESSION="$(id -un)"
INTERNET_ACCESS="yes"

# -------------- Argument Parsing --------------

while [ $# -gt 0 ]; do
	case "$1" in
	
		--mode)
			MODE="$2"
			shift 2
			;;

--session-name)
			SESSION="$2"
			shift 2
			;;
	
		--internet-access)
			case "$2" in
				1|yes|y)
					$INTERNET_ACCESS="yes"
					;;
				0|no|n)
					$INTERNET_ACCESS="no"
					;;
				*)
					echo "Usage: --internet-access {1|yes|y or 0|no|n}"
					exit 1
					;;
			esac
			shift 2
			;;

--offline)
			$INTERNET_ACCESS="no"
			shift 2
			;;
			
	
		--)
			shift
			break
			;;
	
		*)
			break
			;;
	esac
done

if [ $# -eq 0 ]; then
	echo "Usage: sandbox.sh [--mode MODE] [--session-name NAME] -- command [args...]"
	exit 1
fi

USER="$(id -un)"
HOME_REAL="$HOME"
RUNTIME="$XDG_RUNTIME_DIR"
SANDBOX_BASE="$HOME_REAL/.sandbox"
EXPORT_DIR="$SANDBOX_BASE/export"

#Networming toggle
if [ "$INTERNET_ACCESS" = "no" ]; then
	NET_FLAG="--unshare-net"
fi

BASE_SYSTEM="
	--ro-bind /usr /usr
	--ro-bind /bin /bin
	--ro-bind /sbin /sbin
	--ro-bind /lib /lib
	--ro-bind /lib64 /lib64
	--ro-bind /etc /etc
	--proc /proc
	--dev /dev
"
	#--dev-bind /dev/null /dev/null
	#--dev-bind /dev/dri /dev/dri

# -------------- Modes --------------

case "$MODE" in

normal)
	exec "$@"
	;;

contained)
	SANDBOX_HOME="$SANDBOX_BASE/contained/$SESSION"

mkdir -p "$SANDBOX_HOME"/.config
	mkdir -p "$SANDBOX_HOME"/.local/share
	mkdir -p "$SANDBOX_HOME"/.cache
	mkdir -p "$EXPORT_DIR"

exec bwrap \
		--unshare-pid \
		--unshare-uts \
		--unshare-ipc \
		$NET_FLAG \
		--new-session \
		$BASE_SYSTEM \
		--bind "$SANDBOX_HOME" /home/$USER \
		--setenv HOME /home/$USER \
		--setenv USER "$USER" \
		--setenv LOGNAME "$USER" \
		--setenv XDG_CONFIG_HOME /home/$USER/.config \
		--setenv XDG_DATA_HOME /home/$USER/.local/share \
		--setenv XDG_CACHE_HOME /home/$USER/.cache \
		--setenv XDG_RUNTIME_DIR "$RUNTIME" \
		$INTERNET_ACCESS \
		--bind "$RUNTIME" "$RUNTIME" \
		--bind "$EXPORT_DIR" /export \
		"$@"
	;;

volatile)
	
	mkdir -p "$EXPORT_DIR"

exec bwrap \
		--unshare-pid \
		--unshare-uts \
		--unshare-ipc \
		$NET_FLAG \
		--new-session \
		$BASE_SYSTEM \
		--tmpfs /home \
		--dir /home/$USER \
		--setenv HOME /home/$USER \
		--setenv USER "$USER" \
		--setenv LOGNAME "$USER" \
		--setenv XDG_CONFIG_HOME /home/$USER/.config \
		--setenv XDG_DATA_HOME /home/$USER/.local/share \
		--setenv XDG_CACHE_HOME /home/$USER/.cache \
		--setenv XDG_RUNTIME_DIR "$RUNTIME" \
		$INTERNET_ACCESS \
		--bind "$RUNTIME" "$RUNTIME" \
		--bind "$EXPORT_DIR" /export \
		"$@"
	;;

*)
	echo "Unknown mode: '$MODE'"
	exit 1
	;;
esac

Filename: bucket.sh. Size: 3kb. View raw, , hex, or download this file.

This paste expires on 2026-02-26 12:52:40.580462+00:00. Pasted through v1-api.

Are you sure you'd like to remove this file?