diff options
| author | Nathan Ringo <nathan@remexre.com> | 2024-01-18 10:58:36 -0600 |
|---|---|---|
| committer | Nathan Ringo <nathan@remexre.com> | 2024-01-18 10:58:36 -0600 |
| commit | 00d0bfced902e97eeae5257c14134d4bc7efc710 (patch) | |
| tree | ee026f328614e03aec3ed373d9f2e6c8e255f834 /sandboxed-discocaml.sh | |
| parent | 7017762a4a38266aa88976be141f7bd663647edc (diff) | |
Commands to interact with discocaml, associated IPC.
Diffstat (limited to 'sandboxed-discocaml.sh')
| -rwxr-xr-x | sandboxed-discocaml.sh | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/sandboxed-discocaml.sh b/sandboxed-discocaml.sh new file mode 100755 index 0000000..04bd744 --- /dev/null +++ b/sandboxed-discocaml.sh @@ -0,0 +1,21 @@ +#!/bin/sh +set -eu + +tmp=$(mktemp) +cleanup() +{ + if [ -e "$tmp" ]; then + rm "$tmp" + fi +} +trap cleanup EXIT + +rm "$tmp" +nix build -o "$tmp" .#discocaml +bindir="$(realpath "$tmp")/bin" + +exec \ +timeout 10 \ +env -i \ +"$(which bwrap)" --unshare-all --ro-bind "$bindir" "/" \ +"/discocaml" "$@" |