author | Andrew Leeming <andrew.leeming@codethink.co.uk> | 2016-09-16 15:38:30 +0100 |
---|---|---|
committer | Andrew Leeming <andrew.leeming@codethink.co.uk> | 2016-09-16 15:38:30 +0100 |
commit | 7e3e7d7c590caea74eae749a7c2b67eefbe09fc2 (patch) | |
tree | 979c4172c0187efe80021d493c2d92dba9c7de14 | |
parent | 3272b430b5505d74662614043ea96dd37b60ec6a (diff) | |
download | sandboxlib-7e3e7d7c590caea74eae749a7c2b67eefbe09fc2.tar.gz |
Woop, works with direct tests
-rwxr-xr-x | run-sandbox | 2 | ||||
-rw-r--r-- | sandboxlib/bubblewrap.py | 7 |
2 files changed, 3 insertions, 6 deletions
diff --git a/run-sandbox b/run-sandbox
index aa7c713..06582df 100755
--- a/run-sandbox
+++ b/run-sandbox
@@ -47,7 +47,7 @@ def parse_args():
 help="current working directory for COMMAND") parser.add_argument( '--executor', '-e',
- choices=['chroot', 'linux_user_chroot', 'linux-user-chroot'],
+ choices=['chroot', 'linux_user_chroot', 'linux-user-chroot', 'bubblewrap'],
 type=str, default='chroot', help="which sandboxing backend to use")
diff --git a/sandboxlib/bubblewrap.py b/sandboxlib/bubblewrap.py
index b1e1654..e914d7e 100644
--- a/sandboxlib/bubblewrap.py
+++ b/sandboxlib/bubblewrap.py
@@ -87,7 +87,7 @@ def run_sandbox(command, cwd=None, env=None,
 log = logging.getLogger("sandboxlib") log.warn("In sandbox fn, args")
- log.warn("cmd: {}, cwd: {}, env: {}, filesystem_root: {}," \
+ print("cmd: {}, cwd: {}, env: {}, filesystem_root: {}," \
 "filesystem_writable_paths: {}, mounts: {}, extra_mounts: {}, "\ "network: {}, stderr: {}, stdout: {}".format( command, cwd, env, filesystem_root, filesystem_writable_paths,
@@ -106,9 +106,6 @@ def run_sandbox(command, cwd=None, env=None,
 if cwd is not None: bwrap_command.extend(['--chdir', cwd])
- #FIXME the following only deals with the 'all' or [] cases currently
- # Also bwrap is writable by default(?) so we need to blacklist non
- # writable mounts instead of whitelisting these
 bwrap_command += process_writable_paths( filesystem_root, filesystem_writable_paths)
@@ -117,7 +114,7 @@ def run_sandbox(command, cwd=None, env=None,
 bwrap_command.extend(['--ro-bind', ex_mnt, ex_mnt]) log.warn(bwrap_command)
- argv = bwrap_command + [filesystem_root] + command
+ argv = bwrap_command + ["--ro-bind", "/", filesystem_root] + command
 print("run_command({}, {}, {}, {})" .format(argv, stdout, stderr, env)) #run_command(['/usr/bin/bwrap', '--bind', 'a', '--bind', 'l', '--bind', 'l', '/', 'echo', 'xyzzy'], -1, -1, None) |
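Review bot: The `print(...)` that replaces `log.warn(...)` in the first hunk of sandboxlib/bubblewrap.py writes the full `env` mapping, the command and the mount list to the process's stdout on every call to run_sandbox. Environment variables commonly carry credentials, and a library that prints to stdout cannot be silenced or redirected by the caller the way a logger can. Keep this on the logger at debug level and leave the values of `env` out, for example `log.debug("cmd: %s, cwd: %s, filesystem_root: %s, env keys: %s", command, cwd, filesystem_root, sorted(env or {}))`. The unchanged `print("run_command(...)")` context line in the last hunk has the same problem. run_sandbox starts and continues outside the hunk.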
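Review bot: In the last hunk of sandboxlib/bubblewrap.py, `["--ro-bind", "/", filesystem_root]` gives bwrap the host's `/` as the bind source and `filesystem_root` as the destination, because `--ro-bind` takes SRC then DEST. If `filesystem_root` is meant to become the sandbox's root, as the parameter name and the other backends suggest, the arguments are reversed and the sandboxed command would see the whole host filesystem read-only; the likely intent is `['--ro-bind', filesystem_root, '/']`. bwrap applies its mount options in order, so a root bind presumably also belongs before the writable-path and extra-mount binds rather than appended after them. The preceding hunk deletes the FIXME about writable-by-default mounts while the `process_writable_paths` call is unchanged, so that comment is worth keeping until the behaviour is confirmed. run_sandbox continues outside the hunk.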