2015-04-22 14:50:49 +02:00
|
|
|
{ writeText, writeScriptBin, stdenv, ruby } : { env, runScript } :
|
2015-02-05 16:14:28 +01:00
|
|
|
|
|
|
|
let
|
|
|
|
name = env.pname;
|
|
|
|
|
|
|
|
# Sandboxing script
|
2015-04-22 14:50:49 +02:00
|
|
|
chroot-user = writeScriptBin "chroot-user" ''
|
|
|
|
#! ${ruby}/bin/ruby
|
|
|
|
${builtins.readFile ./chroot-user.rb}
|
|
|
|
'';
|
2015-02-05 16:14:28 +01:00
|
|
|
|
2015-04-22 14:50:49 +02:00
|
|
|
init = writeText "init" ''
|
|
|
|
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
|
|
|
|
shift
|
|
|
|
exec "${runScript}" "$@"
|
|
|
|
'';
|
2015-02-05 16:14:28 +01:00
|
|
|
|
2015-04-22 14:50:49 +02:00
|
|
|
in writeScriptBin name ''
|
|
|
|
#! ${stdenv.shell}
|
|
|
|
exec ${chroot-user}/bin/chroot-user ${env} bash -l ${init} "$(pwd)" "$@"
|
|
|
|
''
|