commit: cd118ac6a48e78a32681b7732f4a5a4094363464
parent cdcf5db3c559c40a4fdd3abba8c0fc535aa1d71c
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Tue, 5 Sep 2023 01:31:49 +0200
.local/bin/npm: Sandbox npm
Diffstat:
1 file changed, 14 insertions(+), 0 deletions(-)
diff --git a/.local/bin/npm b/.local/bin/npm
@@ -0,0 +1,14 @@
+#!/bin/execlineb -s0
+getcwd -E PWD
+bwrap
+ --die-with-parent
+ --unshare-all
+ --share-net
+ --ro-bind / / # On my ZFS machines that's just the OS, bind mounts doesn't recurses
+ --tmpfs /tmp
+ --dir /sysroot
+ --bind $PWD /sysroot
+ --chdir /sysroot
+ --proc /proc
+ --dev /dev
+ -- /usr/bin/npm "$@"
