Add option to pass through arguments to brwap, use shlex for dry-run

2026-04-04 08:41:40 +02:00
parent 8958f79ece
commit 8ecba5d6dc
8 changed files with 75 additions and 3 deletions
--- a/src/config.rs
+++ b/src/config.rs
@@ -37,7 +37,12 @@ pub fn build(args: Args, file_config: Option<FileConfig>) -> Result<SandboxConfi
        chdir: resolve_chdir(args.chdir, profile.chdir, globals.chdir)?,
        extra_rw: merge_paths(args.extra_rw, &profile.rw, &globals.rw)?,
        extra_ro: merge_paths(args.extra_ro, &profile.ro, &globals.ro)?,
-        mask: merge_mask(args.mask, &profile.mask, &globals.mask),
+        mask: merge_vecs(args.mask, &profile.mask, &globals.mask),
+        bwrap_args: split_bwrap_args(merge_vecs(
+            args.bwrap_args,
+            &profile.bwrap_args,
+            &globals.bwrap_args,
+        ))?,
        command,
        command_args,
    })
@@ -99,7 +104,17 @@ fn merge_paths(
    Ok(config_paths.chain(cli_paths).collect())
 }

-fn merge_mask(cli: Vec<PathBuf>, profile: &[PathBuf], globals: &[PathBuf]) -> Vec<PathBuf> {
+fn split_bwrap_args(raw: Vec<String>) -> Result<Vec<String>, SandboxError> {
+    let mut out = Vec::new();
+    for value in &raw {
+        let words =
+            shlex::split(value).ok_or_else(|| SandboxError::InvalidBwrapArg(value.clone()))?;
+        out.extend(words);
+    }
+    Ok(out)
+}
+
+fn merge_vecs<T: Clone>(cli: Vec<T>, profile: &[T], globals: &[T]) -> Vec<T> {
    globals.iter().chain(profile).cloned().chain(cli).collect()
 }

@@ -204,6 +219,8 @@ pub struct Options {
    pub ro: Vec<PathBuf>,
    #[serde(default)]
    pub mask: Vec<PathBuf>,
+    #[serde(default)]
+    pub bwrap_args: Vec<String>,
 }

 impl Options {