also log stdout
supervise processes
ro-bind /etc/ssl by default
This is a script to semi-easily bubblewrap your openrc scripts.
This is not very tested yet, and I am quite bad at writing shell scripts, so it's probably not the best to use :)
To create a bubblewrapped script, symlink the bwrap service to something like bwrap.$servicename:
cd /etc/init.d
ln -s bwrap bwrap.servicename
Then copy the bwrap config file in /etc/conf.d/bwrap to /etc/conf.d/bwrap.servicename and configure it.
# user/group to run the service as
user=gonic
group=gonic
# the command that should be wrapped
wrapped_command="/usr/bin/gonic"
# the arguments passed to the wrapped command
wrapped_args="-music-path=/media/music -podcast-path=/media/podcasts -db-path=/var/lib/gonic/gonic.db -cache-path=/var/cache/gonic/"
# mounts that will be read only for the service
read_only_mounts="
/media/music
/media/podcasts
"
# writable mounts for the service
mounts="
/var/lib/gonic
/var/cache/gonic
"
# paths that must exist before the service starts, passed to `checkpath`
# format: MODE PATH FILE_TYPE (f for file, d for directory)
checked_paths="
0755 /var/lib/gonic d
0755 /var/cache/gonic d
"
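One way the two mount lists above could be turned into bwrap arguments, as an added example that is not this project's script. The function names and the baseline flags (new namespaces with the network kept, read-only /usr) are assumptions; the read-only /etc/ssl bind follows the note at the top of this page.

```shell
#!/bin/sh
# Added example, not the project's code; function names are hypothetical.
# Constructed sample values, same shape as the conf.d file above.
read_only_mounts="
/media/music
/media/podcasts
"
mounts="
/var/lib/gonic
/var/cache/gonic
"

# Reject entries that would widen the sandbox by accident.
check_mount_path() {
    case $1 in
        /) echo "refusing to bind /" >&2; return 1 ;;
        */..|*/../*) echo "'..' in path: $1" >&2; return 1 ;;
        /*) return 0 ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
}

# Print one bwrap argument per line; $1 = read-only list, $2 = writable list.
build_bwrap_args() {
    # Assumed baseline: new namespaces, network kept, read-only /usr and /etc/ssl.
    printf '%s\n' --unshare-all --share-net --die-with-parent --new-session \
        --ro-bind /usr /usr --ro-bind /etc/ssl /etc/ssl \
        --proc /proc --dev /dev --tmpfs /tmp
    while IFS= read -r bw_p; do
        [ -n "$bw_p" ] || continue
        check_mount_path "$bw_p" || return 1
        printf '%s\n' --ro-bind "$bw_p" "$bw_p"
    done <<EOF
$1
EOF
    while IFS= read -r bw_p; do
        [ -n "$bw_p" ] || continue
        check_mount_path "$bw_p" || return 1
        # A path listed in both places is ambiguous; fail rather than guess.
        if printf '%s\n' "$1" | grep -qxF -e "$bw_p"; then
            echo "listed as read-only and writable: $bw_p" >&2; return 1
        fi
        printf '%s\n' --bind "$bw_p" "$bw_p"
    done <<EOF
$2
EOF
    return 0
}
build_bwrap_args "$read_only_mounts" "$mounts"
```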
Inspiration from qemu-openrc: https://github.com/jirutka/qemu-openrc/