From 674f40d027ece13daa78ef2a7d69c79f4198368a Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Fri, 2 Dec 2022 21:22:42 +0330
Subject: update
---
seccomp/bwrap_generator.sh | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100755 seccomp/bwrap_generator.sh
(limited to 'seccomp/bwrap_generator.sh')
diff --git a/seccomp/bwrap_generator.sh b/seccomp/bwrap_generator.sh
new file mode 100755
index 0000000..53b3d0c
--- /dev/null
+++ b/seccomp/bwrap_generator.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env dash
+
+TEMP_LOG=/tmp/seccomp_logging_filter.bpf
+
+get_sos() {
+ SO_LIST=$(ldd "$1" | awk '{print $3}')
+ for SO in ${SO_LIST}; do
+ echo --ro-bind "${SO}" "${SO} \\"
+ done
+}
+
+make && ./seccomp_filter --filter logging > ${TEMP_LOG}
+
+echo "env -i \\"
+echo "bwrap \\"
+echo "--unshare-all --share-net \\"
+get_sos "$@"
+echo "--uid $(id -u) \\"
+echo "--gid $(id -g) \\"
+echo "--chdir ${SANDBOX_DIR_NAME} \\"
+echo "--bind $1 ${SANDBOX_DIR_NAME} \\"
+echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\"
+echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\"
+echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16 \\"
+echo "--seccomp 10 10<${TEMP_LOG} \\"
--
cgit v1.2.3
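Review bot: `TEMP_LOG=/tmp/seccomp_logging_filter.bpf` is a fixed, predictable path in a world-writable directory, and the file written there is the seccomp filter that the emitted `--seccomp 10 10<${TEMP_LOG}` line later loads, so on a shared host another local user who pre-creates that file keeps control of the filter the sandbox ends up using. Create it in a private location instead, for example `TEMP_LOG=$(mktemp "${XDG_RUNTIME_DIR:-/tmp}/seccomp_filter.XXXXXX") || exit 1`, and quote it at the redirect. The script has no `set -eu`, so when `make` fails the redirect never runs, any stale filter stays in place and the bwrap command is still printed. `SANDBOX_DIR_NAME` is never assigned in this file, so unless the caller's environment supplies it `--chdir` and `--bind` are emitted with a missing argument; `: "${SANDBOX_DIR_NAME:?must be set}"` near the top would stop that. `get_sos` runs `ldd` on `"$1"`, which the ldd manual advises against for untrusted executables, and `awk '{print $3}'` yields nothing for lines without `=>`, so the dynamic loader is probably not bound into the sandbox.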