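#!/bin/sh
# Build the discocaml flake output and run it inside a bubblewrap sandbox.
#
# Usage: <this script> [args...]   (arguments are passed to /discocaml as-is)
#
# The sandboxed program sees only the package's bin/ directory, mounted
# read-only as "/", runs with every namespace bwrap can unshare
# (--unshare-all), an empty environment (env -i) and a 10 second time limit.
set -eu

# Private scratch directory for the nix result link. Using a directory that
# only this user can write to avoids the window the previous
# "mktemp; rm; nix build -o" sequence left open, in which another local user
# could create something at the freed path before nix did.
tmpdir=$(mktemp -d)
result="$tmpdir/result"

# Remove the scratch directory, and with it the result symlink.
# ":?" aborts instead of expanding to "rm -rf /" style paths if tmpdir is empty.
cleanup() {
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so the EXIT trap runs.
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM

nix build -o "$result" '.#discocaml'
bindir="$(realpath "$result")/bin"

# Resolve bwrap to a path before env -i empties the environment (PATH
# included). Failing here gives a clear error instead of running env with an
# empty command name.
if ! bwrap_bin=$(command -v bwrap); then
  printf '%s\n' 'bwrap not found in PATH' >&2
  exit 127
fi

# Deliberately not exec'd: exec replaces this shell, so the EXIT trap would
# never fire and every run would leave its result link behind.
# The exit status of timeout (124 on expiry) becomes the script's status.
#
# --die-with-parent: timeout signals bwrap only; this makes bwrap kill the
# sandboxed processes when bwrap (or its parent) dies, so they cannot outlive
# the 10 second limit.
# NOTE(review): if stdin can be a terminal, consider --new-session as well.
timeout 10 \
  env -i \
  "$bwrap_bin" --unshare-all --die-with-parent --ro-bind "$bindir" "/" \
  "/discocaml" "$@"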