souk4711 / hakoniwa Goto Github PK

Hi

I have the start of a basic filesystem written in rust on top of the fuser rust wrappers for fuse3

I would like to combine that code with something that uses your code to isolate a proccess to run in the file system i provide

I mount my file system at "/home/will/projects/buildsystems/yaba/hi" and i can run commands that interact with that fs, i can also run the commands in "/home/will/projects/buildsystems/yaba/hi/usr/bin/"

eg

sh-5.2$ /home/will/projects/buildsystems/yaba/hi/usr/bin/ls
Cargo.lock  Cargo.toml	examples  hi  Readme.md  src  target

I looked at your examples and i cant find something that effectively pivot roots so had a go with the following

    sandbox.with_policy(SandboxPolicy::from_str(
        r#"
mounts = [
  { source = "/home/will/projects/buildsystems/yaba/hi"  , target = "/"  },
]
    "#,
    ).unwrap());

https://gitlab.com/girderstream/yet-another-build-app/-/commit/9c13a7646f1ec6d2d082ba6123a292245c00b6af#4ad8bc8a608cd170d23921a8583c12f260dbcf58_0_54

[2024-04-21T18:31:28Z INFO hakoniwa::executor] Result: {"status":"SE","reason":"mount(Some("/home/will/projects/buildsystems/yaba/hi"), "", None, MS_RDONLY | MS_NOSUID | MS_BIND | MS_REC, None) => ENOENT: No such file or directory","exit_code":null,"start_time":null,"real_time":null,"system_time":null,"user_time":null,"max_rss":null}

thread 'main' panicked at src/bin/yaba-exe.rs:72:5:
assertion left == right failed
left: SandboxSetupError
right: Ok

I will keep looking but i wondered if i was doing something obviously wrong?

anyway to have custom stdio pipe, like I wish to send stdio and stderr to websocket sink. Any guidance?

I want to share the net but don't want my sandbox application to bind a port.
Is there any way to achieve that?