FlatImage
A configurable Linux containerization system
ns_bwrap::Bwrap Class Reference

Manages bubblewrap (bwrap) containerization.

#include <bwrap.hpp>

Public Member Functions

 Bwrap (ns_proxy::Logs logs, ns_proxy::User user, fs::path const &path_dir_root, fs::path const &path_file_program, std::vector< std::string > const &program_args, std::vector< std::string > const &program_env)
 Construct a new Bwrap object.
 
 ~Bwrap ()
 Destroy the Bwrap object.
 
 Bwrap (Bwrap const &)=delete
 
 Bwrap (Bwrap &&)=delete
 
Bwrap & operator= (Bwrap const &)=delete
 
Bwrap & operator= (Bwrap &&)=delete
 
Bwrap & with_binds (ns_db::ns_bind::Binds const &binds)
 Allows specifying custom bindings from a JSON file.
 
Bwrap & bind_home ()
 Includes a binding from the host $HOME to the guest.
 
Bwrap & bind_media ()
 Binds the host's media directories to the guest.
 
Bwrap & bind_audio ()
 Binds the host's audio sockets and devices to the guest.
 
Bwrap & bind_wayland ()
 Binds the wayland socket from the host to the guest.
 
Bwrap & bind_xorg ()
 Binds the xorg socket from the host to the guest.
 
Bwrap & bind_dbus_user ()
 Binds the user session bus from the host to the guest.
 
Bwrap & bind_dbus_system ()
 Binds the system bus from the host to the guest.
 
Bwrap & bind_udev ()
 Binds the udev folder from the host to the guest.
 
Bwrap & bind_input ()
 Binds the input devices from the host to the guest.
 
Bwrap & bind_usb ()
 Binds the usb devices from the host to the guest.
 
Bwrap & bind_network ()
 Binds the network configuration from the host to the guest.
 
Bwrap & bind_shm ()
 Binds the /dev/shm directory to the container.
 
Bwrap & bind_optical ()
 Binds optical devices to the container.
 
Bwrap & bind_dev ()
 Binds the /dev directory to the container.
 
Bwrap & with_bind_gpu (fs::path const &path_dir_root_guest, fs::path const &path_dir_root_host)
 Binds the gpu device from the host to the guest.
 
Bwrap & with_bind (fs::path const &src, fs::path const &dst)
 Includes a binding from the host to the guest.
 
Bwrap & with_bind_ro (fs::path const &src, fs::path const &dst)
 Includes a read-only binding from the host to the guest.
 
void set_overlay (ns_proxy::Overlay const &overlay)
 Enable bwrap's overlay filesystem.
 
Value< bwrap_run_ret_t > run (Permissions const &permissions, Unshares const &unshares, fs::path const &path_file_daemon, ns_db::ns_portal::ns_dispatcher::Dispatcher const &arg1_dispatcher, ns_db::ns_portal::ns_daemon::Daemon const &arg1_daemon, ns_db::ns_portal::ns_daemon::ns_log::Logs const &arg2_daemon)
 Runs the command in the bubblewrap sandbox.
 

Detailed Description

Manages bubblewrap (bwrap) containerization.

Provides a high-level interface for configuring and running processes within isolated bubblewrap containers with customizable bindings, overlays, and permissions.

Definition at line 227 of file bwrap.hpp.

Constructor & Destructor Documentation

◆ Bwrap()

ns_bwrap::Bwrap::Bwrap ( ns_proxy::Logs logs,
ns_proxy::User user,
fs::path const & path_dir_root,
fs::path const & path_file_program,
std::vector< std::string > const & program_args,
std::vector< std::string > const & program_env )
inline

Construct a new Bwrap object.

Parameters
logs: Log files used by bwrap (e.g., AppArmor logs)
user: The user representation in the bubblewrap container
path_dir_root: Path to the sandbox root directory
path_file_program: Program to launch in the sandbox
program_args: Arguments for the program launched in the sandbox
program_env: Environment variables for the program launched in the sandbox

Definition at line 304 of file bwrap.hpp.


◆ ~Bwrap()

ns_bwrap::Bwrap::~Bwrap ( )
inline

Destroy the Bwrap object.

Definition at line 355 of file bwrap.hpp.


Member Function Documentation

◆ bind_audio()

Bwrap & ns_bwrap::Bwrap::bind_audio ( )
inline nodiscard

Binds the host's audio sockets and devices to the guest.

The bindings are $XDG_RUNTIME_DIR/{/pulse/native,pipewire-0}

Returns
Bwrap& A reference to *this

Definition at line 592 of file bwrap.hpp.


◆ bind_dbus_system()

Bwrap & ns_bwrap::Bwrap::bind_dbus_system ( )
inline nodiscard

Binds the system bus from the host to the guest.

The binding is /run/dbus/system_bus_socket

Returns
Bwrap& A reference to *this

Definition at line 718 of file bwrap.hpp.


◆ bind_dbus_user()

Bwrap & ns_bwrap::Bwrap::bind_dbus_user ( )
inline nodiscard

Binds the user session bus from the host to the guest.

Requires the DBUS_SESSION_BUS_ADDRESS environment variable to be set.

Returns
Bwrap& A reference to *this

Definition at line 678 of file bwrap.hpp.


◆ bind_dev()

Bwrap & ns_bwrap::Bwrap::bind_dev ( )
inline nodiscard

Binds the /dev directory to the container.

Supersedes all previous /dev related bindings

Returns
Bwrap& A reference to *this

Definition at line 845 of file bwrap.hpp.


◆ bind_home()

Bwrap & ns_bwrap::Bwrap::bind_home ( )
inline nodiscard

Includes a binding from the host $HOME to the guest.

Returns
Bwrap& A reference to *this

Definition at line 556 of file bwrap.hpp.


◆ bind_input()

Bwrap & ns_bwrap::Bwrap::bind_input ( )
inline nodiscard

Binds the input devices from the host to the guest.

The bindings are /dev/{input,uinput}

Returns
Bwrap& A reference to *this

Definition at line 746 of file bwrap.hpp.


◆ bind_media()

Bwrap & ns_bwrap::Bwrap::bind_media ( )
inline nodiscard

Binds the host's media directories to the guest.

The bindings are /media, /run/media, and /mnt

Returns
Bwrap& A reference to *this

Definition at line 576 of file bwrap.hpp.


◆ bind_network()

Bwrap & ns_bwrap::Bwrap::bind_network ( )
inline nodiscard

Binds the network configuration from the host to the guest.

The bindings are:

  • /etc/host.conf
  • /etc/hosts
  • /etc/nsswitch.conf
  • /etc/resolv.conf
Returns
Bwrap& A reference to *this

Definition at line 780 of file bwrap.hpp.


◆ bind_optical()

Bwrap & ns_bwrap::Bwrap::bind_optical ( )
inline nodiscard

Binds optical devices to the container.

Grants access to optical devices such as CD and DVD drives. The maximum number of SCSI devices is defined in the Linux kernel as #define SR_DISKS 256.

Returns
Bwrap& A reference to *this

Definition at line 813 of file bwrap.hpp.


◆ bind_shm()

Bwrap & ns_bwrap::Bwrap::bind_shm ( )
inline nodiscard

Binds the /dev/shm directory to the container.

A tmpfs mount used for POSIX shared memory

Returns
Bwrap& A reference to *this

Definition at line 797 of file bwrap.hpp.


◆ bind_udev()

Bwrap & ns_bwrap::Bwrap::bind_udev ( )
inline nodiscard

Binds the udev folder from the host to the guest.

The binding is /run/udev

Returns
Bwrap& A reference to *this

Definition at line 732 of file bwrap.hpp.


◆ bind_usb()

Bwrap & ns_bwrap::Bwrap::bind_usb ( )
inline nodiscard

Binds the usb devices from the host to the guest.

The bindings are /dev/bus/usb and /dev/usb

Returns
Bwrap& A reference to *this

Definition at line 761 of file bwrap.hpp.


◆ bind_wayland()

Bwrap & ns_bwrap::Bwrap::bind_wayland ( )
inline nodiscard

Binds the wayland socket from the host to the guest.

Requires the WAYLAND_DISPLAY variable to be set. The binding is $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY

Returns
Bwrap& A reference to *this

Definition at line 621 of file bwrap.hpp.


◆ bind_xorg()

Bwrap & ns_bwrap::Bwrap::bind_xorg ( )
inline nodiscard

Binds the xorg socket from the host to the guest.

Requires the DISPLAY and XAUTHORITY environment variables to be set.

Returns
Bwrap& A reference to *this

Definition at line 649 of file bwrap.hpp.
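
Each bind_* member above exposes specific host paths to the guest, so a review of a sandbox profile starts with listing them. The following is an added example, not FlatImage code: the hypothetical helper `exposed_paths` resolves the host paths this page documents for a set of permission names against a supplied environment. The permission names, the `Env` map and the collapsing of narrower /dev entries once `dev` is requested are assumptions; `xorg` and `dbus_user` are left out because the page states only their required variables, not their paths.

```cpp
// Added example, not FlatImage code: host paths per permission, from this page.
#include <algorithm>
#include <iostream>
#include <map>
#include <string>
#include <vector>

using Env = std::map<std::string, std::string>;  // environment passed in by the caller
using Paths = std::vector<std::string>;

// Looks up a variable in the supplied environment; empty string if unset.
static std::string env_get(Env const& env, std::string const& key) {
  auto it = env.find(key);
  return it == env.end() ? std::string() : it->second;
}

static void add(Paths& out, std::initializer_list<std::string> paths) {
  out.insert(out.end(), paths.begin(), paths.end());
}

// Hypothetical helper: permission names are assumed to mirror the bind_* names.
Paths exposed_paths(std::vector<std::string> const& perms, Env const& env) {
  std::string const home = env_get(env, "HOME");
  std::string const run = env_get(env, "XDG_RUNTIME_DIR");
  std::string const wl = env_get(env, "WAYLAND_DISPLAY");
  Paths out;
  for (auto const& p : perms) {
    if (p == "home") { if (!home.empty()) add(out, {home}); }
    else if (p == "media") add(out, {"/media", "/run/media", "/mnt"});
    else if (p == "audio") { if (!run.empty()) add(out, {run + "/pulse/native", run + "/pipewire-0"}); }
    else if (p == "wayland") { if (!run.empty() && !wl.empty()) add(out, {run + "/" + wl}); }
    else if (p == "dbus_system") add(out, {"/run/dbus/system_bus_socket"});
    else if (p == "udev") add(out, {"/run/udev"});
    else if (p == "input") add(out, {"/dev/input", "/dev/uinput"});
    else if (p == "usb") add(out, {"/dev/bus/usb", "/dev/usb"});
    else if (p == "shm") add(out, {"/dev/shm"});
    else if (p == "network") add(out, {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"});
    else if (p == "dev") add(out, {"/dev"});
  }
  // Assumption: once /dev is bound, narrower /dev/... entries are redundant.
  if (std::find(out.begin(), out.end(), "/dev") != out.end())
    out.erase(std::remove_if(out.begin(), out.end(),
      [](std::string const& s) { return s.compare(0, 5, "/dev/") == 0; }), out.end());
  return out;
}

int main() {
  Env const env = {{"HOME", "/home/alice"}, {"XDG_RUNTIME_DIR", "/run/user/1000"}};  // constructed
  for (auto const& p : exposed_paths({"home", "audio", "dev", "shm"}, env)) std::cout << p << "\n";
}
```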


◆ run()

Value< bwrap_run_ret_t > ns_bwrap::Bwrap::run ( Permissions const & permissions,
Unshares const & unshares,
fs::path const & path_file_daemon,
ns_db::ns_portal::ns_dispatcher::Dispatcher const & arg1_dispatcher,
ns_db::ns_portal::ns_daemon::Daemon const & arg1_daemon,
ns_db::ns_portal::ns_daemon::ns_log::Logs const & arg2_daemon )
inline nodiscard

Runs the command in the bubblewrap sandbox.

Parameters
permissions: Permissions for the program (HOME, MEDIA, AUDIO, etc.), configured in bubblewrap
unshares: Unshare namespace options (USER, IPC, PID, NET, UTS, CGROUP)
path_file_daemon: Path to the portal daemon executable
arg1_dispatcher: Dispatcher configuration for the portal communication (controls FIFO communication between host and container)
arg1_daemon: Daemon host configuration for the portal (controls daemon communication settings)
arg2_daemon: Log configuration for the portal daemon (specifies log file paths and settings)
Returns
Value<bwrap_run_ret_t> Return value containing exit code, syscall number, and errno on error

Definition at line 878 of file bwrap.hpp.


◆ set_overlay()

void ns_bwrap::Bwrap::set_overlay ( ns_proxy::Overlay const & overlay)
inline

Enable bwrap's overlay filesystem.

Parameters
overlay: The overlay configuration object

Definition at line 546 of file bwrap.hpp.

◆ with_bind()

Bwrap & ns_bwrap::Bwrap::with_bind ( fs::path const & src,
fs::path const & dst )
inline nodiscard

Includes a binding from the host to the guest.

Parameters
src: Source of the binding from the host
dst: Destination of the binding in the guest
Returns
Bwrap& A reference to *this

Definition at line 522 of file bwrap.hpp.


◆ with_bind_gpu()

Bwrap & ns_bwrap::Bwrap::with_bind_gpu ( fs::path const & path_dir_root_guest,
fs::path const & path_dir_root_host )
inline nodiscard

Binds the gpu device from the host to the guest.

Parameters
path_dir_root_guest: Path to the root directory of the sandbox
path_dir_root_host: Path to the root directory of the host system (from the guest)
Returns
Bwrap&

Definition at line 860 of file bwrap.hpp.


◆ with_bind_ro()

Bwrap & ns_bwrap::Bwrap::with_bind_ro ( fs::path const & src,
fs::path const & dst )
inline nodiscard

Includes a read-only binding from the host to the guest.

Parameters
src: Source of the binding from the host
dst: Destination of the binding in the guest
Returns
Bwrap& A reference to *this

Definition at line 535 of file bwrap.hpp.


◆ with_binds()

Bwrap & ns_bwrap::Bwrap::with_binds ( ns_db::ns_bind::Binds const & binds)
inline nodiscard

Allows specifying custom bindings from a JSON file.

Parameters
path_file_bindings: Path to the JSON file which contains the bindings
Returns
Bwrap& A reference to *this

Definition at line 497 of file bwrap.hpp.


The documentation for this class was generated from the following file: