Diffstat (limited to '.config/nixpkgs/shells/bubblewrap/shell.nix')
-rw-r--r--.config/nixpkgs/shells/bubblewrap/shell.nix36
1 files changed, 36 insertions, 0 deletions
diff --git a/.config/nixpkgs/shells/bubblewrap/shell.nix b/.config/nixpkgs/shells/bubblewrap/shell.nix
new file mode 100644
index 0000000..aee8a8b
--- /dev/null
+++ b/.config/nixpkgs/shells/bubblewrap/shell.nix
@@ -0,0 +1,36 @@
+let
+
+ # nix-shell -E 'import (builtins.fetchurl "$url")'
+ # https://github.com/containers/bubblewrap/blob/main/demos/bubblewrap-shell.sh
+ # https://manpages.debian.org/testing/bubblewrap/bwrap.1.en.html
+
+ name = "nix-shell.bubblewrap";
+
+ pkgs = import (builtins.fetchTarball {
+ url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz";
+ sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg";
+ }) { };
+
+ bubblewrap = arguments@{ ... }: pkgs.writeShellApplication {
+ inherit name;
+ text = ''
+ PATH=${pkgs.lib.strings.makeBinPath [ pkgs.bubblewrap ]}
+ bwrap \
+ '' + pkgs.lib.strings.concatStringsSep " \\\n"
+ (pkgs.lib.attrsets.mapAttrsToList (argument: value: "--${argument} ${value} ")
+ arguments) + "/bin/sh\n";
+ };
+
+ jail = bubblewrap {
+ clearenv = "";
+ setenv = "PATH ${pkgs.lib.strings.makeBinPath [ pkgs.busybox ]}";
+ ro-bind = "/nix /nix" + " --ro-bind /bin /bin";
+ };
+
+in pkgs.mkShell {
+ inherit name;
+ shellHook = ''
+ printf '%s\n' "${jail}/bin/${jail.name}"
+ exec "${jail}/bin/${jail.name}"
+ '';
+}
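Review bot: The `jail` attribute set passes only `clearenv`, `setenv` and `ro-bind`, so the shell started by `bwrap` gets a restricted mount view but no `--unshare-*` flag and no `--new-session`; it still shares the host's network, PID and IPC namespaces and the caller's controlling terminal. The bwrap man page linked in the header comment describes `--new-session` as the way to stop a sandboxed process from injecting input into the terminal it inherits. Since the wrapper already emits value-less flags (as `clearenv = "";` does), adding `unshare-all = "";`, `new-session = "";` and `die-with-parent = "";` to `jail` would close these gaps, at the cost of job control in the inner shell. Separately, `ro-bind = "/nix /nix" + " --ro-bind /bin /bin"` smuggles a second flag through a value, and every value is interpolated into the script unquoted in attribute-name order. A list of argument lists rendered with `pkgs.lib.escapeShellArgs` would make ordering and quoting explicit, and binding only the store paths the jail needs would avoid exposing the whole of `/nix` to it.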