Last active
June 4, 2023 20:22
It's Nix in a Box!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
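#!/bin/sh
# bwrap-nix (c) Karim Vergnes <me@thesola.io>
# It's Nix in a Box! (useful for an unprivileged Nix environment)
#
# Usage: bwrap-nix <nix directory> <command> [args]...
#
# Runs <command> under bubblewrap with <nix directory> bind-mounted at /nix,
# so a Nix store can be used on a host that has no writable /nix.
#
# NOTE(review): treat this as a convenience wrapper, not a confinement
# boundary. /var, /sys, /run and /tmp are bound read-write from the host and
# no --unshare-* option is passed, so the command keeps the caller's network,
# PID and IPC namespaces and can use any host socket under /run that the
# caller can already access. Do not rely on it to contain untrusted code.

# POSIX numeric test: the script runs under /bin/sh, where [[ ]] may not
# exist, and "<" inside [[ ]] compares strings (so "10" sorts before "2" and
# ten arguments would be rejected as too few).
if [ "$#" -lt 2 ]; then
  printf 'usage: %s <nix directory> <command> [args]...\n' "$0" >&2
  exit 1
fi

NIX_DIR=$1
shift 1

# The host's /usr and /etc are exposed read-only; the /lib*, /bin and /sbin
# symlinks assume a merged-/usr layout on the host.
# --dev and --proc mount a fresh /dev and /proc instead of binding the host's.
# "$NIX_DIR" is quoted so a path containing spaces or glob characters is
# passed to bwrap as a single argument.
exec bwrap \
  --ro-bind /usr /usr \
  --ro-bind /etc /etc \
  --bind /var /var \
  --bind /sys /sys \
  --bind /run /run \
  --bind /tmp /tmp \
  --symlink /usr/lib /lib \
  --symlink /usr/lib64 /lib64 \
  --symlink /usr/lib32 /lib32 \
  --symlink /usr/bin /bin \
  --symlink /usr/sbin /sbin \
  --dev /dev \
  --proc /proc \
  --bind "$NIX_DIR" /nix \
  "$@"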
To "poke holes" into the sandbox and gain access to all devices, you will need to make the following change: