Class: Bwrap::Args::Construct

Inherits:
Object
  • Object
show all
Includes:
Mount, Output
Defined in:
lib/bwrap/args/construct.rb

Overview

Constructs arguments for bwrap execution.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Output

debug?, debug_output, error_output, handle_output_options, info_output, quiet?, trace?, trace_output, verb_output, verbose?, warn_output

Constructor Details

#initializeConstruct

Returns a new instance of Construct.



24
25
26
27
28
29
 
# File 'lib/bwrap/args/construct.rb', line 24

def initialize
  # If a key is not found, it is initialized with an empty array.
  @args = Bwrap::Args::Args.new

  @executable = Bwrap::Resolvers::Executable.new
end

Instance Attribute Details

#config=(value) ⇒ Object (writeonly)

Sets the attribute config

Parameters:

  • value

    the value to set the attribute config to.



22
23
24
 
# File 'lib/bwrap/args/construct.rb', line 22

def config=(value)
  @config = value
end

Instance Method Details

#bwrap_argumentsObject

Note:

Command given to Bwrap#run is set to Bind#command=.

Returns arguments to pass to bwrap.



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
 
# File 'lib/bwrap/args/construct.rb', line 78

def bwrap_arguments
  args = []

  # @args.fetch() could be used here to ensure the key is present, so catching some extra typos,
  # but for now it is not used, for convenience.

  args += @args[:root_mount]
  args += @args[:xauthority]
  args += @args[:machine_id]
  args += @args[:resolv_conf]

  # bind.rb
  args += @args[:bindir]
  args += @args[:libdir]

  # This is what is given to Bwrap#run.
  args += @args[:given_command]

  args += @args[:extra_executable_libraries]
  args += @args[:library_feature_binds]
  args += @args[:extra_executable_mounts]

  args += @args[:feature_binds]

  args += @args[:custom_ro_binds]
  args += @args[:user_dir]

  args += @args[:audio]
  args += @args[:dev_mounts]
  args += @args[:proc_mount]
  args += @args[:tmp_mount]

  args += @args[:home_directory]

  args += @args[:unshare_all]

  args += @args[:network]

  args += @args[:hostname]
  args += @args[:environment]

  args += @args[:die_with_parent]
  args += @args[:new_session]

  args.compact
end

#calculateObject

Note:

Command given to Bwrap#run is set to Bind#command=.

Parses data given with Config so it can be outputted in proper order by #bwrap_arguments.



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/bwrap/args/construct.rb', line 46

def calculate
  create_objects

  # If necessary, first handle command passed to Bwrap#run so feature binds can utilize
  # the command.
  @bind.handle_given_command

  root_mount
  xauthority_args
  machine_id = @machine_id.machine_id
  @args.add :machine_id, machine_id if machine_id
  @network.resolv_conf
  @bind.handle_system_mounts
  @features.feature_binds
  @bind.custom_read_only_binds
  @user.create_user_dir
  @user.read_only_pulseaudio
  @bind.device_binds
  proc_mount
  tmp_as_tmpfs
  @bind.bind_home_directory
  @namespace.shares
  @network.share_net
  @network.hostname
  @args.add :environment, @environment.environment_variables
  @args.add :die_with_parent, "--die-with-parent" # For security, and as intuition says how things should work.
  @args.add :new_session, "--new-session" # Very important for security.
end

#cleanupObject

Performs cleanup operations after execution.



126
127
128
129
 
# File 'lib/bwrap/args/construct.rb', line 126

def cleanup
  @machine_id&.cleanup
  @bind&.cleanup
end

#command=(value) ⇒ Object

Note:

This is not used for anything vital, but some things, like setting Config#full_system_mounts= uses this to resolve some additional data.

Command that is executed inside bwrap sandbox.

Parameters:

  • value (Array, String)

    Command with arguments



38
39
40
 
# File 'lib/bwrap/args/construct.rb', line 38

def command= value
  @executable.command = value
end