isolated-protonmail-bridge/isolated-protonmail-bridge.sh

#!/usr/bin/env bash
set -euo pipefail

HERE="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
JAIL_HOME=/home/proton
DEFAULT_BIN=entrypoint.sh
BIN="${1:-${DEFAULT_BIN}}"

nsjail -Mo                                                                                     \
       --disable_clone_newnet                                                                  \
       --cwd "${JAIL_HOME}"                                                                    \
       --tmpfsmount /                                                                          \
       --tmpfsmount /tmp --tmpfsmount /run                                                     \
       --symlink /proc/self/fd:/dev/fd                                                         \
       --bindmount_ro "${HERE}/entrypoint.sh:${JAIL_HOME}/entrypoint.sh"                       \
       --bindmount_ro "${HERE}/gpg-keygen-params.txt:${JAIL_HOME}/gpg-keygen-params.txt"       \
       --bindmount_ro /bin --bindmount_ro /sbin                                                \
       --bindmount_ro /usr --bindmount_ro /lib --bindmount_ro /lib64                           \
       --bindmount_ro /dev/null --bindmount_ro /dev/urandom --bindmount_ro /dev/random         \
       --bindmount_ro /etc/resolv.conf                                                         \
       --env HOME=/home/proton                                                                 \
       --env PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin                 \
       --env BRIDGE_USER                                                                       \
       --env BRIDGE_PASS                                                                       \
       -- ${BIN}
Initial commit 2020-05-21 15:11:31 +00:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`HERE="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"`
			`JAIL_HOME=/home/proton`
			`DEFAULT_BIN=entrypoint.sh`
			`BIN="${1:-${DEFAULT_BIN}}"`

			`nsjail -Mo \`
			`--disable_clone_newnet \`
			`--cwd "${JAIL_HOME}" \`
			`--tmpfsmount / \`
			`--tmpfsmount /tmp --tmpfsmount /run \`
Fix bash process substitution by symlinking /dev/fd 2020-05-22 13:35:24 +00:00			`--symlink /proc/self/fd:/dev/fd \`
Initial commit 2020-05-21 15:11:31 +00:00			`--bindmount_ro "${HERE}/entrypoint.sh:${JAIL_HOME}/entrypoint.sh" \`
			`--bindmount_ro "${HERE}/gpg-keygen-params.txt:${JAIL_HOME}/gpg-keygen-params.txt" \`
			`--bindmount_ro /bin --bindmount_ro /sbin \`
			`--bindmount_ro /usr --bindmount_ro /lib --bindmount_ro /lib64 \`
			`--bindmount_ro /dev/null --bindmount_ro /dev/urandom --bindmount_ro /dev/random \`
Fix DNS resolution by including /etc/resolv.conf in jail 2020-05-22 13:34:40 +00:00			`--bindmount_ro /etc/resolv.conf \`
Initial commit 2020-05-21 15:11:31 +00:00			`--env HOME=/home/proton \`
			`--env PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin \`
Implement login workflow 2020-05-22 21:26:34 +00:00			`--env BRIDGE_USER \`
			`--env BRIDGE_PASS \`
Initial commit 2020-05-21 15:11:31 +00:00			`-- ${BIN}`