Use bubblewrap to isolate lc19.

Érico Nogueira 2021-10-24 17:59:53 -03:00
parent f61d1e1112
commit 9ff087020e
2 changed files with 7 additions and 3 deletions


@ -6,8 +6,8 @@ Create certs in `certs/` using with `generate.sh`, which requires
[x509cert(1)](https://x509cert.mforney.org/x509cert.1.html).
Copy [lc19](https://sr.ht/~thededem/lc19/) executable to directory, install
[s6-networking](https://skarnet.org/software/s6-networking/), and run
`host.sh`.
[s6-networking](https://skarnet.org/software/s6-networking/) and
[bubblewrap](https://github.com/containers/bubblewrap), and run `host.sh`.
#### void-docs


@ -2,4 +2,8 @@
exec env \
CERTFILE:void-docs.erico.dev=certs/cert2.pem KEYFILE:void-docs.erico.dev=certs/key2.pem \
KEYFILE=certs/key.pem CERTFILE=certs/cert.pem \
s6-tlsserver -k1 0.0.0.0 1965 ./lc19 --data-dir=gemini/
s6-tlsserver -k1 0.0.0.0 1965 \
bwrap --ro-bind /usr /usr --symlink usr/lib /lib \
--proc /proc --dev /dev \
--ro-bind $PWD/gemini /gemini --ro-bind $PWD/lc19 /lc19 --unshare-pid \
/lc19 --data-dir=/gemini
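Review bot: The bwrap invocation passes only `--unshare-pid`, so the sandboxed lc19 still shares the host's network, IPC and UTS namespaces and could open outbound connections if it were compromised. If lc19 only talks over the descriptors it inherits from s6-tlsserver (this looks likely from the command line, but confirm), adding `--unshare-all --die-with-parent --new-session` would tighten the sandbox without changing behaviour. `$PWD` is also unquoted in both `--ro-bind` arguments, so a working directory containing whitespace would split into extra bwrap arguments. The line could read `--ro-bind "$PWD/gemini" /gemini --ro-bind "$PWD/lc19" /lc19 --unshare-all --die-with-parent --new-session \`.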