From 00998d2b3d4e388d463788b7ad049322d49d2a70 Mon Sep 17 00:00:00 2001
From: John Turner <jturner.usa@gmail.com>
Date: Thu, 27 Feb 2025 11:01:39 -0500
Subject: [PATCH] provide example script

---
 examples/bwrap-sandbox.sh | 55 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100755 examples/bwrap-sandbox.sh

diff --git a/examples/bwrap-sandbox.sh b/examples/bwrap-sandbox.sh
new file mode 100755
index 0000000..4b4786c
--- /dev/null
+++ b/examples/bwrap-sandbox.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Copyright (C) John Turner 2023
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+wayland_sandbox_socket="${XDG_RUNTIME_DIR}/$(mktemp -u wayland-sandbox-XXXXXXX.sock)" || exit $?
+
+close_pipe=$(mktemp -u) || exit $?
+
+mkfifo ${close_pipe} || exit $?
+
+exec {close_fd}<>${close_pipe}
+
+wayland-sandbox  ${wayland_sandbox_socket} ${close_fd} || exit $?
+
+bwrap \
+     --unshare-all \
+     --die-with-parent \
+     --setenv BWRAP 1 \
+     --dev /dev \
+     --proc /proc \
+     --clearenv \
+     --setenv XDG_RUNTIME_DIR ${XDG_RUNTIME_DIR} \
+     --setenv XDG_SESSION_TYPE wayland \
+     --setenv WAYLAND_DISPLAY ${wayland_sandbox_socket} \
+     --setenv TERM ${TERM} \
+     --setenv COLORTERM ${COLORTERM} \
+     --tmpfs /tmp \
+     --tmpfs /mnt/sandbox \
+     --tmpfs ${HOME} \
+     --tmpfs ${XDG_RUNTIME_DIR} \
+     --bind ${wayland_sandbox_socket} ${wayland_sandbox_socket} \
+     --ro-bind /lib /lib \
+     --ro-bind /lib64 /lib64 \
+     --ro-bind /bin /bin \
+     --ro-bind /sbin /sbin \
+     --ro-bind /usr /usr \
+     --ro-bind /etc /etc \
+     --ro-bind /var /var \
+     "$@"
+
+echo 1 > ${close_pipe}
+rm ${close_pipe}
+rm ${wayland_sandbox_socket}
-- 
2.39.5