Class: Bwrap::Args::Features::RubyBinds Private
- Defined in:
- lib/bwrap/args/features/ruby_binds.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Implementation for Ruby feature set.
Instance Attribute Summary collapse
-
#mounts ⇒ Object
readonly
private
Returns mounts needed by Ruby feature set.
Instance Method Summary collapse
-
#sitedir_mounts ⇒ Object
private
Bind system paths so scripts works inside sandbox.
-
#stdlib_mounts(stdlib) ⇒ Object
private
Create binds for required system libraries.
Methods inherited from BindsBase
Constructor Details
This class inherits a constructor from Bwrap::Args::Features::BindsBase
Instance Attribute Details
#mounts ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns mounts needed by Ruby feature set.
10 11 12 |
# File 'lib/bwrap/args/features/ruby_binds.rb', line 10 def mounts @mounts end |
Instance Method Details
#sitedir_mounts ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Bind system paths so scripts works inside sandbox.
13 14 15 16 17 18 19 20 21 22 23 24 25 |
# File 'lib/bwrap/args/features/ruby_binds.rb', line 13 def sitedir_mounts raise "@config is required" unless @config ruby_config = @config.features.ruby.ruby_config mounts = [] mounts << "--ro-bind" << ruby_config["sitedir"] << ruby_config["sitedir"] mounts << "--ro-bind" << ruby_config["rubyhdrdir"] << ruby_config["rubyhdrdir"] mounts << "--ro-bind" << ruby_config["rubylibdir"] << ruby_config["rubylibdir"] mounts << "--ro-bind" << ruby_config["vendordir"] << ruby_config["vendordir"] mounts end |
#stdlib_mounts(stdlib) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Create binds for required system libraries.
These are in path like /usr/lib64/ruby/2.5.0/x86_64-linux-gnu/, and as they are mostly shared libraries, they may have some extra dependencies that also need to be bound inside the sandbox.
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/bwrap/args/features/ruby_binds.rb', line 32 def stdlib_mounts stdlib raise "@config is required" unless @config ruby_config = @config.features.ruby.ruby_config library_mounts = [] library = Bwrap::Resolvers::Library.new stdlib.each do |lib| path = "#{ruby_config["rubyarchdir"]}/#{lib}.so" library.needed_libraries(path).each do |requisite_library| library_mounts << "--ro-bind" << requisite_library << requisite_library end end library_mounts end |