Trying to print to a shared stdout is a terrible idea. This change makes it possible to withhold output for the lifetime of the sandbox.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Bwrap argument order determines the order their corresponding actions are performed. This allows generic arguments like tmpfs to the end of the stream to override bind mounts.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This configuration is not saved anywhere, and does not need to be saved. Bwrap configuration information is already saved into p.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Tests internal to the helper package sets crash-test-dummy as the command whenever a launch is expected to go through, and the hardcoded args are only valid for internal tests, so this characteristic is used here to exclude external tests that pass real program names and custom bwrap configurations.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
The stub child process simulates reading from the argument fd and copies the entire payload unmodified to stdout. If status pipe is enabled it will simulate sync fd behaviour as well.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
The previous code was poorly documented and made little sense in some parts. This is a generalised and cleaned up implementation in the helper package making use of the Args interface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This method of passing arguments is used in bubblewrap as well as other tools, this commit separates the argument builder/writer to the helper package and generalise it as an interface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
