1  use build_build::{
 2      root::Root,
 3      sandbox::{isolation::IsolationPath, SandboxCommand},
 4  };
 5  use std::{fs, io, time::SystemTime};
 6  
 7  fn inner_main() -> io::Result<()> {
 8      let root = Root::discover();
 9      root.enter();
10  
11      let time = SystemTime::now();
12      let tmp_dir = root.tmp_dir("sandbox-exec", &time);
13  
14      log::debug!("TMPDIR is {}", tmp_dir.display());
15  
16      let cmd = SandboxCommand::new("/bin/bash")
17          .args([
18              "-c",
19              "set -e; printenv > $TMPDIR/env.txt; find $TMPDIR > $TMPDIR/find.txt; echo $TMPDIR",
20          ])
21          .env("ABC", "DEF")
22          .env("TMPDIR", tmp_dir.as_path())
23          .pipe_stdout("stdout")
24          .pipe_stderr("stderr")
25          .allow_read_path(IsolationPath::dir("/"))
26          .deny_path(IsolationPath::dir(root.path()))
27          .allow_path(IsolationPath::dir(tmp_dir.as_path()));
28  
29      let out = cmd.run(&root)?;
30      log::debug!("status: {out:?}");
31  
32      if !out.status.success() {
33          tmp_dir.keep();
34      }
35  
36      let stdout = fs::read(&out.stdout)?;
37      for line in std::str::from_utf8(stdout.as_slice()).unwrap().lines() {
38          log::trace!("stdout: {line}");
39      }
40  
41      let stderr = fs::read(&out.stderr)?;
42      for line in std::str::from_utf8(stderr.as_slice()).unwrap().lines() {
43          log::trace!("stderr: {line}");
44      }
45  
46      Ok(())
47  }
48  
49  fn main() {
50      simple_logger::init_with_level(log::Level::Trace).unwrap();
51      inner_main().unwrap_or_else(|err| {
52          println!("{err}");
53      })
54  }