Created
November 14, 2024 13:29
-
-
Save janvhs/eb32db927d394c7744d9e2367b5fe406 to your computer and use it in GitHub Desktop.
Sandboxed cargo and rust-analyzer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # cargo-secure | |
| # | |
| # Sandboxed version of cargo to calm my mind. | |
| # Adjust to your liking | |
| # | |
| set -eu -o pipefail | |
| bwrap \ | |
| --die-with-parent \ | |
| --new-session \ | |
| --unshare-ipc \ | |
| --unshare-pid \ | |
| --tmpfs / \ | |
| --tmpfs /run \ | |
| --dir /tmp \ | |
| --dev /dev \ | |
| --proc /proc \ | |
| --ro-bind /var /var \ | |
| --ro-bind /usr /usr \ | |
| --symlink usr/bin /bin \ | |
| --symlink usr/sbin /sbin \ | |
| --ro-bind /etc /etc \ | |
| --symlink usr/lib /lib \ | |
| --symlink usr/lib64 /lib64 \ | |
| --ro-bind "$HOME/bin" "$HOME/bin" \ | |
| --ro-bind "$HOME/.gitconfig" "$HOME/.gitconfig" \ | |
| --ro-bind "$HOME/.work.gitconfig" "$HOME/.work.gitconfig" \ | |
| --bind "$HOME/.cache" "$HOME/.cache" \ | |
| --bind "$HOME/.cargo" "$HOME/.cargo" \ | |
| --bind "$HOME/.rustup" "$HOME/.rustup" \ | |
| --bind "$(pwd)" "$(pwd)" \ | |
| -- \ | |
| cargo "$@" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # rust-analyzer-secure | |
| # | |
| # Sandboxed version of rust-analyzer to calm my mind. | |
| # Adjust to your liking | |
| # | |
| set -eu -o pipefail | |
| bwrap \ | |
| --die-with-parent \ | |
| --new-session \ | |
| --unshare-ipc \ | |
| --unshare-pid \ | |
| --tmpfs / \ | |
| --tmpfs /run \ | |
| --dir /tmp \ | |
| --dev /dev \ | |
| --proc /proc \ | |
| --ro-bind /var /var \ | |
| --ro-bind /usr /usr \ | |
| --symlink usr/bin /bin \ | |
| --symlink usr/sbin /sbin \ | |
| --ro-bind /etc /etc \ | |
| --symlink usr/lib /lib \ | |
| --symlink usr/lib64 /lib64 \ | |
| --ro-bind "$HOME/bin" "$HOME/bin" \ | |
| --ro-bind "$HOME/.gitconfig" "$HOME/.gitconfig" \ | |
| --ro-bind "$HOME/.work.gitconfig" "$HOME/.work.gitconfig" \ | |
| --bind "$HOME/.cache" "$HOME/.cache" \ | |
| --bind "$HOME/.cargo" "$HOME/.cargo" \ | |
| --bind "$HOME/.rustup" "$HOME/.rustup" \ | |
| --bind "$(pwd)" "$(pwd)" \ | |
| -- \ | |
| rust-analyzer "$@" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment