Implement config file parsing and precedence with CLI

2026-03-31 01:22:08 +02:00
parent f1d7a14b8d
commit 0119834d5a
9 changed files with 746 additions and 135 deletions
@@ -7,12 +7,22 @@ pub enum SandboxError {
    BwrapNotFound,
    CommandNotFound(PathBuf),
    CommandNotExecutable(PathBuf),
-    RwPathMissing(PathBuf),
-    RoPathMissing(PathBuf),
+    PathMissing(PathBuf),
    ChdirMissing(PathBuf),
    CurrentDirUnavailable(std::io::Error),
    GlobPattern(glob::PatternError),
    Io(std::io::Error),
+    ConfigRead {
+        path: PathBuf,
+        source: std::io::Error,
+    },
+    ConfigParse {
+        path: PathBuf,
+        source: toml::de::Error,
+    },
+    ProfileNotFound(String),
+    ConflictingMode,
+    ConfigPathNotAbsolute(PathBuf),
 }

 impl std::fmt::Display for SandboxError {
@@ -34,12 +44,25 @@ impl std::fmt::Display for SandboxError {
            Self::CommandNotExecutable(p) => {
                write!(f, "command is not executable: {}", p.display())
            }
-            Self::RwPathMissing(p) => write!(f, "--rw path does not exist: {}", p.display()),
-            Self::RoPathMissing(p) => write!(f, "--ro path does not exist: {}", p.display()),
+            Self::PathMissing(p) => write!(f, "path does not exist: {}", p.display()),
            Self::ChdirMissing(p) => write!(f, "--chdir path does not exist: {}", p.display()),
            Self::CurrentDirUnavailable(e) => write!(f, "cannot determine current directory: {e}"),
            Self::GlobPattern(e) => write!(f, "invalid glob pattern: {e}"),
            Self::Io(e) => write!(f, "I/O error: {e}"),
+            Self::ConfigRead { path, source } => {
+                write!(f, "cannot read config file '{}': {source}", path.display())
+            }
+            Self::ConfigParse { path, source } => {
+                write!(f, "cannot parse config file '{}': {source}", path.display())
+            }
+            Self::ProfileNotFound(name) => write!(f, "profile not found in config: {name}"),
+            Self::ConflictingMode => write!(
+                f,
+                "config section sets both blacklist and whitelist to true"
+            ),
+            Self::ConfigPathNotAbsolute(p) => {
+                write!(f, "config path is not absolute: {}", p.display())
+            }
        }
    }
 }
@@ -50,6 +73,8 @@ impl std::error::Error for SandboxError {
            Self::CurrentDirUnavailable(e) => Some(e),
            Self::GlobPattern(e) => Some(e),
            Self::Io(e) => Some(e),
+            Self::ConfigRead { source, .. } => Some(source),
+            Self::ConfigParse { source, .. } => Some(source),
            _ => None,
        }
    }