bubblewrap your openrc services

Go to file

Alex McGrath 1c10ee0fc1 also log stdout		2023-07-28 12:00:43 +01:00
LICENSE	initial commit	2023-07-26 12:56:13 +01:00
README.md	fmt	2023-07-26 13:04:04 +01:00
bwrap.confd	fmt	2023-07-26 13:04:04 +01:00
bwrap.initd	also log stdout	2023-07-28 12:00:43 +01:00

README.md

Bubblewrapped OpenRC scripts

This is a script to semi-easily bubblewrap your openrc scripts.

This is not very tested yet and I am quite bad at writing shell scripts so its probably not the best to use :)

Bubblewrap a script

To create a bubblewrapped script symlink the bwrap service to something like bwrap.$servicename

cd /etc/init.d
ln -s bwrap bwrap.servicename

Then copy the bwrap config file in /etc/conf.d/bwrap to /etc/conf.d/bwrap.servicename and configure it.

Example configuration for the Gonic music server

# user/group to run the service as
user=gonic
group=gonic
# the command that should be wrapped
wrapped_command="/usr/bin/gonic"
# the arguments passed to the wrapped command
wrapped_args="-music-path=/media/music -podcast-path=/media/podcasts -db-path=/var/lib/gonic/gonic.db -cache-path=/var/cache/gonic/"

# mounts that will be read only for the service
read_only_mounts="
/media/music
/media/podcasts
"

# writable mounts for the service
mounts="
/var/lib/gonic
/var/cache/gonic
"
# paths to check exist before starting the service in the format, passed to `checkpath`
# MODE PATH FILE_TYPE (f for file, d for directory)
checked_paths="
0755 /var/lib/gonic d
0755 /var/cache/gonic d
"

Attributions

Inspiration from qemu-openrc: https://github.com/jirutka/qemu-openrc/