cmd/flaunch: implement app bundle wrapper

This tool creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>

fst/config.go

@@ -70,8 +70,6 @@ type SandboxConfig struct {
 	Filesystem []*FilesystemConfig `json:"filesystem"`
 	// symlinks created inside the sandbox
 	Link [][2]string `json:"symlink"`
-	// read-only /etc directory
-	Etc string `json:"etc,omitempty"`
 	// automatically set up /etc symlinks
 	AutoEtc bool `json:"auto_etc"`
 	// paths to override by mounting tmpfs over them
@@ -129,11 +127,7 @@ func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
 	}
 
 	if !s.AutoEtc {
-		if s.Etc == "" {
 		conf.Dir("/etc")
-		} else {
-			conf.Bind(s.Etc, "/etc")
-		}
 	}
 
 	for _, c := range s.Filesystem {
@@ -153,11 +147,7 @@ func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
 	}
 
 	if s.AutoEtc {
-		if s.Etc == "" {
 		conf.Bind("/etc", Tmp+"/etc")
-		} else {
-			conf.Bind(s.Etc, Tmp+"/etc")
-		}
 
 		// link host /etc contents to prevent passwd/group from being overwritten
 		if d, err := os.ReadDir("/etc"); err != nil {

print.go

@@ -70,16 +70,7 @@ func printShow(instance *state.State, config *fst.Config, short bool) {
 			flags = append(flags, "none")
 		}
 		fmt.Fprintf(w, " Flags:\t%s\n", strings.Join(flags, " "))
-
-		etc := sandbox.Etc
-		if etc == "" {
-			etc = "/etc"
-		}
-		fmt.Fprintf(w, " Etc:\t%s\n", etc)
-
-		if len(sandbox.Override) > 0 {
 		fmt.Fprintf(w, " Overrides:\t%s\n", strings.Join(sandbox.Override, " "))
-		}
 
 		// Env           map[string]string   `json:"env"`
 		// Link          [][2]string         `json:"symlink"`