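# Start an interactive bash inside a bubblewrap (bwrap) sandbox.
#
# Sandbox layout (tmpfs root, populated in argument order):
#   - /usr and /nix come from the host read-only; /lib, /lib64, /bin and
#     /sbin are symlinks into /usr (merged-usr layout).
#   - fresh /tmp and /var (with /var/tmp -> ../tmp), a new /proc and a
#     minimal /dev.
#   - /etc/resolv.conf is bound read-only from the host. NOTE: --unshare-all
#     also unshares the network namespace, so this bind is inert unless
#     --share-net is added, which would widen what the sandbox can reach.
#   - the host directory /run/user/1000/.tmpeQrbnA is the only writable
#     host path; it is mounted at /app, which is also the working directory.
#   - /etc/passwd and /etc/group are synthesized from fds 11 and 12, fed by
#     the process substitutions at the bottom, so the sandbox sees only the
#     caller's own user/group entries plus uid/gid 65534 (typically
#     "nobody") rather than the host's full account databases.
#
# Isolation: --unshare-all (every namespace bwrap supports), --clearenv
# (only HOME and XDG_RUNTIME_DIR are passed in), --die-with-parent (the
# sandbox is killed when this script's process goes away).
#
# The /run/user/1000 paths are hard-coded, so the script is tied to uid
# 1000 (it looks generated for one session: the .tmpeQrbnA name); the
# passwd/group entries, by contrast, follow whoever runs the script.
#
# -x traces each command, including the full bwrap argument list, to
# stderr; remove it if that output is unwanted in logs.
set -xeuo pipefail

# The subshell is what holds fds 11/12 open for bwrap; exec replaces it
# with bwrap so no extra shell process sits between us and the sandbox.
(exec bwrap \
  --ro-bind /usr /usr \
  --dir /tmp \
  --dir /var \
  --symlink ../tmp /var/tmp \
  --proc /proc \
  --dev /dev \
  --ro-bind /etc/resolv.conf /etc/resolv.conf \
  --ro-bind /nix /nix \
  --symlink usr/lib /lib \
  --symlink usr/lib64 /lib64 \
  --symlink usr/bin /bin \
  --symlink usr/sbin /sbin \
  --chdir /app \
  --unshare-all \
  --die-with-parent \
  --clearenv \
  --bind /run/user/1000/.tmpeQrbnA /app \
  --dir /run/user/1000 \
  --dir /run/user/1000/home \
  --setenv HOME /run/user/1000/home \
  --setenv XDG_RUNTIME_DIR /run/user/1000 \
  --file 11 /etc/passwd \
  --file 12 /etc/group \
  /bin/bash \
) \
  11< <(getent passwd "$UID" 65534) \
  12< <(getent group "$(id -g)" 65534)
# Notes on the lines above:
#   --dir /run/user/1000/home  HOME is pointed at this path but nothing else
#                              creates it inside the tmpfs root, so without
#                              this line anything writing to $HOME fails
#                              with ENOENT.
#   "$UID" / "$(id -g)"        quoted so the expansions are never subject
#                              to word splitting or globbing (ShellCheck
#                              SC2086), even though their values are numeric.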