aboutsummaryrefslogtreecommitdiffstats
path: root/seccomp/bwrap_generator.sh
blob: 02b6ade01fa448214ae1d263afc1b46dc6143d9a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#!/usr/bin/env dash

TEMP_LOG=/tmp/seccomp_logging_filter.bpf

get_sos() {
  SO_LIST=$(ldd "$1" | awk '{print $3}')
  for SO in ${SO_LIST}; do
    echo --ro-bind "${SO}" "${SO} \\"
  done
}

make && ./seccomp_filter --filter logging > ${TEMP_LOG}

echo "env -i \\"
echo "bwrap \\"
echo "--unshare-all --share-net \\"
get_sos "$@"
echo "--uid $(id -u) \\"
echo "--gid $(id -g) \\"
echo "--chdir ${SANDBOX_DIR_NAME} \\"
echo "--bind $1 ${SANDBOX_DIR_NAME} \\"
echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\"
echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\"
echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \\"
echo "--seccomp 9 9<${TEMP_LOG} \\"
echo "$1"