From 00d0bfced902e97eeae5257c14134d4bc7efc710 Mon Sep 17 00:00:00 2001
From: Nathan Ringo
Date: Thu, 18 Jan 2024 10:58:36 -0600
Subject: Commands to interact with discocaml, associated IPC.
---
sandboxed-discocaml.sh | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100755 sandboxed-discocaml.sh
(limited to 'sandboxed-discocaml.sh')
diff --git a/sandboxed-discocaml.sh b/sandboxed-discocaml.sh
new file mode 100755
index 0000000..04bd744
--- /dev/null
+++ b/sandboxed-discocaml.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -eu
+
+tmp=$(mktemp)
+cleanup()
+{
+ if [ -e "$tmp" ]; then
+ rm "$tmp"
+ fi
+}
+trap cleanup EXIT
+
+rm "$tmp"
+nix build -o "$tmp" .#discocaml
+bindir="$(realpath "$tmp")/bin"
+
+exec \
+timeout 10 \
+env -i \
+"$(which bwrap)" --unshare-all --ro-bind "$bindir" "/" \
+"/discocaml" "$@"
-- cgit v1.2.3
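Review bot: The final `exec` replaces the shell, so `trap cleanup EXIT` never runs on the success path and each invocation leaves its out-link (a Nix GC root) behind; also, `rm "$tmp"` followed by `nix build -o "$tmp"` gives up the name `mktemp` had reserved, so another local user may be able to occupy that path first and influence what `realpath` resolves and what is bound as the sandbox root. Both problems disappear if no link is created at all, e.g. `bindir="$(nix build --no-link --print-out-paths .#discocaml)/bin"` (assuming the Nix in use supports `--print-out-paths`), which also makes `tmp`, `cleanup` and the trap unnecessary. Separately, `timeout 10` signals only the outer `bwrap` process, so the limit likely does not reach the sandboxed program unless `--die-with-parent` is added to the bwrap arguments; `--new-session` is also worth adding since no seccomp filter is installed. Finally, `which` is not POSIX under `#!/bin/sh` and its failure inside the substitution is not caught by `set -e`; resolving `bwrap=$(command -v bwrap)` on its own line before the `exec` would fail early instead.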