Use bubblewrap to isolate lc19.
parent f61d1e1112
commit 9ff087020e
@ -6,8 +6,8 @@ Create certs in `certs/` using with `generate.sh`, which requires
[x509cert(1)](https://x509cert.mforney.org/x509cert.1.html).
Copy [lc19](https://sr.ht/~thededem/lc19/) executable to directory, install
[s6-networking](https://skarnet.org/software/s6-networking/), and run
`host.sh`.
[s6-networking](https://skarnet.org/software/s6-networking/) and
[bubblewrap](https://github.com/containers/bubblewrap), and run `host.sh`.
#### void-docs
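Review bot: The rewritten install sentence names bubblewrap as a dependency but does not say what it is for. A short clause stating that `host.sh` runs lc19 inside a bwrap sandbox, with only `gemini/` and the `lc19` binary from the current directory bound read-only, would tell readers that content outside `gemini/` is not visible to the server and that `host.sh` has to be started from the repository directory. The context line in the hunk header also reads "using with `generate.sh`"; dropping one of the two words while touching this paragraph would be a cheap fix.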
6
host.sh
@ -2,4 +2,8 @@
exec env \
CERTFILE:void-docs.erico.dev=certs/cert2.pem KEYFILE:void-docs.erico.dev=certs/key2.pem \
KEYFILE=certs/key.pem CERTFILE=certs/cert.pem \
s6-tlsserver -k1 0.0.0.0 1965 ./lc19 --data-dir=gemini/
s6-tlsserver -k1 0.0.0.0 1965 \
bwrap --ro-bind /usr /usr --symlink usr/lib /lib \
--proc /proc --dev /dev \
--ro-bind $PWD/gemini /gemini --ro-bind $PWD/lc19 /lc19 --unshare-pid \
/lc19 --data-dir=/gemini
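Review bot: The bwrap invocation unshares only the PID namespace (`--unshare-pid`), so lc19 still shares the host's network, IPC and UTS namespaces. Since lc19 is started under s6-tlsserver and is handed the connection rather than opening its own listener, `--unshare-all` looks usable here if lc19 makes no outbound connections, and `--die-with-parent` plus `--new-session` would be worth adding alongside it. Separately, `$PWD` is unquoted in both `--ro-bind $PWD/gemini /gemini` and `--ro-bind $PWD/lc19 /lc19`, so a checkout path containing whitespace splits into extra arguments; write `"$PWD/gemini"` and `"$PWD/lc19"`. Only `usr/lib` is symlinked to `/lib`, which is fine for a static binary but should be noted in a comment in case lc19 is ever built dynamically on a system whose loader lives elsewhere.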