author | Tom Smeding <tom@tomsmeding.com> | 2022-05-05 00:47:24 +0200 |
---|---|---|
committer | Tom Smeding <tom@tomsmeding.com> | 2022-10-26 19:47:00 +0200 |
commit | 7655fe2f9dd63f0e3cda07dab385af5308265786 (patch) | |
tree | 5db548d7913a88c48da158f60ca929ee132df1d9 | |
parent | 906a7a75bdbf856fac7795c4440f3c170878fe3d (diff) | |
download | bubblewrap-7655fe2f9dd63f0e3cda07dab385af5308265786.tar.gz |
--size: Update completions and documentation
Signed-off-by: Tom Smeding <tom@tomsmeding.com>
-rw-r--r-- | bwrap.xml | 26 | ||||
-rw-r--r-- | completions/bash/bwrap | 1 | ||||
-rw-r--r-- | completions/zsh/_bwrap | 21 |
3 files changed, 46 insertions, 2 deletions
@@ -207,6 +207,9 @@ (rwxr-xr-x). However, if a <option>--perms</option> option is in effect, and it sets the permissions for group or other to zero, then newly-created parent directories will also have their corresponding permission set to zero. + <option>--size</option> modifies the size of the created mount when preceding a + <option>--tmpfs</option> action; <option>--perms</option> and <option>--size</option> + can be combined. </para> <variablelist> <varlistentry> 
@@ -217,7 +220,24 @@ Subsequent operations are not affected: for example, <literal>--perms 0700 --tmpfs /a --tmpfs /b</literal> will mount <filename>/a</filename> with permissions 0700, then return to - the default permissions for <filename>/b</filename>.</para></listitem> + the default permissions for <filename>/b</filename>. + Note that <option>--perms</option> and <option>--size</option> can be + combined: <literal>--perms 0700 --size 10485760 --tmpfs /s</literal> will apply + permissions as well as a maximum size to the created tmpfs.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--size <arg choice="plain">BYTES</arg></option></term> + <listitem><para>This option does nothing on its own, and must be followed + by <literal>--tmpfs</literal>. It sets the size in bytes for the next tmpfs. + For example, <literal>--size 10485760 --tmpfs /tmp</literal> will create a tmpfs + at <filename>/tmp</filename> of size 10MiB. Subsequent operations are not + affected: for example, + <literal>--size 10485760 --tmpfs /a --tmpfs /b</literal> will mount + <filename>/a</filename> with size 10MiB, then return to the default size for + <filename>/b</filename>. + Note that <option>--perms</option> and <option>--size</option> can be + combined: <literal>--size 10485760 --perms 0700 --tmpfs /s</literal> will apply + permissions as well as a maximum size to the created tmpfs.</para></listitem> </varlistentry> <varlistentry> <term><option>--bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term> 
@@ -260,7 +280,9 @@ <listitem> <para>Mount new tmpfs on <arg choice="plain">DEST</arg>. If the previous option was <option>--perms</option>, it sets the - mode of the tmpfs. Otherwise, the tmpfs has mode 0755.</para> + mode of the tmpfs. Otherwise, the tmpfs has mode 0755. + If the previous option was <option>--size</option>, it sets the + size in bytes of the tmpfs. Otherwise, the tmpfs has the default size.</para> </listitem> </varlistentry> <varlistentry> diff --git a/completions/bash/bwrap b/completions/bash/bwrap index c57d9ab..e796be3 100644 --- a/completions/bash/bwrap +++ b/completions/bash/bwrap @@ -54,6 +54,7 @@ _bwrap() { --ro-bind --seccomp --setenv + --size --symlink --sync-fd --uid diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 1e365f0..f81ffaf 100644 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap 
@@ -1,11 +1,23 @@
 #compdef bwrap
 
+_bwrap_args_after_perms_size=(
+ # Please sort alphabetically (in LC_ALL=C order) by option name
+ '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/'
+)
+
 _bwrap_args_after_perms=(
 # Please sort alphabetically (in LC_ALL=C order) by option name
 '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files'
 '--dir[Create dir at DEST]:directory to create:_files -/'
 '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files'
 '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files'
+ '--size[Set size in bytes for next action argument]: :->after_perms_size'
+ '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/'
+)
+
+_bwrap_args_after_size=(
+ # Please sort alphabetically (in LC_ALL=C order) by option name
+ '--perms[Set permissions for next action argument]: :_guard "[0-7]#" "permissions in octal": :->after_perms_size'
 '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/'
 )
 
@@ -47,6 +59,7 @@ _bwrap_args=(
 '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files'
 '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"'
 '--setenv[Set an environment variable]:variable to set:_parameters -g "*export*":value of variable: :'
+ '--size[Set size in bytes for next action argument]: :->after_size'
 '--symlink[Create symlink at DEST with target SRC]:symlink target:_files:symlink to create:_files:'
 '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"'
 '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"'
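Review bot: The `--size` entry added to `_bwrap_args_after_perms` goes straight to the follow-up state (`: :->after_perms_size`) with no argument spec for the BYTES value, and the `--size` entry added to `_bwrap_args` in the second hunk does the same with `: :->after_size`. The `--perms` entry added to `_bwrap_args_after_size` first checks its value with `_guard "[0-7]#" "permissions in octal"` and only then enters the state, so the two options are handled inconsistently. As written, the completer appears to give no hint for the byte count and does not reject non-numeric input at that position. Consider `'--size[Set size in bytes for next action argument]: :_guard "[0-9]#" "size in bytes": :->after_perms_size'` (with `:->after_size` in `_bwrap_args`), matching the file-descriptor arguments elsewhere in the file.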
@@ -73,6 +86,14 @@ _bwrap() {
 _values -S ' ' 'option' $_bwrap_args_after_perms
 ;;
 
+ after_size)
+ _values -S ' ' 'option' $_bwrap_args_after_size
+ ;;
+
+ after_perms_size)
+ _values -S ' ' 'option' $_bwrap_args_after_perms_size
+ ;;
+
 caps)
 # $ grep -E '#define\sCAP_\w+\s+[0-9]+' /usr/include/linux/capability.h | awk '{print $2}' | xargs echo
 local all_caps=( |