################################################################
# Drop sandbox base configuration file.
# Environment-specific config files by default extend this file.
################################################################
# Directories and files exposed to Drop.
#
# Treat this list as an allowlist: every entry widens what sandboxed
# programs can read on the host (and, with rw, write). Add entries
# one at a time and only when something in the sandbox needs them.
#
# Entries can have a compact string syntax, like:
#
# "~/bin" - expose ~/bin directory as read-only. Directories are
# exposed with all content, including sub-directories, so inspect
# what lives underneath a directory before adding it.
# "~/bin:~/bin-host" - expose ~/bin directory as read-only ~/bin-host.
# "~/plan::rw" - expose ~/plan file as writable.
# "~/plan:~/plan-host:rw" - expose ~/plan file as writable ~/plan-host.
#
# Alternatively, a verbose dictionary syntax can be used; it allows
# handling paths with ':' characters. Equivalents of the examples
# above with the verbose syntax are:
#
# {source="~/bin"}
# {source="~/bin", target="~/bin-host"}
# {source="~/plan", rw=true}
# {source="~/plan", target="~/plan-host", rw=true}
#
# All paths must be normalized and either start with / or ~/.
#
# Be sure not to expose files with secrets or other sensitive
# data. Read-only does not protect a secret: a sandboxed program can
# still read it and, if the sandbox has network access (see [net]),
# send it out. Configs without sensitive data are safe to expose as
# read-only.
#
# Use files exposed as read-write carefully and sparingly - untrusted
# programs should not be able to write files that are executed outside
# of the sandbox. Shell config scripts are executed by the host, so
# exposing them as read-write would let sandboxed programs inject
# commands that run outside the sandbox. Read-only is safe.
# The same reasoning applies to anything else the host executes or
# loads implicitly (editor init files, ~/.local/bin, git hooks): if it
# is mounted rw, the sandbox can plant code that later runs on the host.
# Similarly, entries from ~/.bash_history can be executed, so it is
# best not to expose history, but allow shells in Drop environments
# to create isolated history files, one per each environment.
mounts = [
"~/.ackrc",
"~/.emacs", # Host-executed editor init: keep read-only, never rw
"~/.profile",
# Credentials sometimes end up in .gitconfig (e.g. tokens embedded in
# credential.helper or url.*.insteadOf entries); check before exposing.
"~/.gitconfig", # Remove if you keep secrets in .gitconfig
# Whole trees, exposed read-only with everything beneath them; check
# them for private sources or credentials before enabling.
"~/go",
"~/.nvm",
"~/.screenrc",
"~/.bashrc", # Ensure there are no secrets (exported tokens etc.) in your shell config files; read-only still means readable
"~/.bash_logout",
"~/.bash_profile",
"~/.zlogin",
"~/.zshrc",
"~/.local/bin:~/.local-host/bin", # Rename .local/bin from host, so sandbox has own, writeable .local/bin
"~/.local/include:~/.local-host/include",
"~/.local/lib:~/.local-host/lib",
]
# Paths to dirs or files to block access to.
#
# Host filesystem access restrictions still apply in Drop, so you
# don't need to block files your current user already can't access
# (for example /etc/shadow). Drop also mounts almost
# all dirs read-only, so you don't need to include files just to block
# writing to them.
#
# Typical use: something your user can read but the sandbox must not
# see. NOTE(review): whether a sub-path of a directory listed in
# `mounts` can be blocked here is not stated in this file - verify
# before relying on it to hide a secret inside an exposed directory.
blocked_paths = []
[environ]
# Environment variables to expose from the process starting Drop to
# the sandbox. You can use glob patterns to expose all variables with
# common prefix/suffix.
#
# Do not expose variables containing secrets (API tokens, passwords,
# cloud credentials). Expose all other variables needed for
# convenient work.
#
# Variables are passed as plain strings. A variable that names a host
# path (XDG_RUNTIME_DIR, for instance) only tells the sandbox where
# something lives on the host; whether that path is actually reachable
# from the sandbox is decided by the filesystem configuration above,
# not by this list. Do not add agent-socket variables such as
# SSH_AUTH_SOCK here unless you have deliberately decided the sandbox
# may use that agent.
exposed_vars = [
"XDG_DATA_HOME",
"XDG_CONFIG_HOME",
"XDG_STATE_HOME",
"XDG_DATA_DIRS",
"XDG_CONFIG_DIRS",
"XDG_CACHE_HOME",
"XDG_RUNTIME_DIR",
"SHELL",
"LC_*", # glob: every LC_ALL / LC_MESSAGES / ... variable
"XTERM_SHELL",
"EDITOR",
"PWD",
"LOGNAME",
"HOME",
"LANG",
"LESSCLOSE",
"LESSOPEN",
"LS_COLORS",
"XTERM_LOCALE",
"TERM",
"USER",
"SHLVL",
"PATH", # Host PATH, extended with the host's .local/bin in set_vars below
]
# New environment variables passed to the sandboxed process.
# Values can include existing vars as ${VAR_NAME}. The expansion is
# performed by Drop when it starts the sandbox - TOML itself has no
# interpolation - so keep the literal ${...} spelling used below.
set_vars = [
"debian_chroot=drop", # Add '(drop)' prefix to shell prompts on Debian-based systems
# Add .local/bin from host (mounted as .local-host/bin) to PATH. It is
# appended, not prepended, so entries already on PATH keep precedence.
"PATH=${PATH}:${HOME}/.local-host/bin",
]
[net]
# Network mode:
# "off" - programs in the sandbox cannot access remote and local
# network services. Ports opened by the programs are not
# accessible from the host. Safest choice for untrusted code
# that does not need the network: there is then no network
# channel out of the sandbox.
# "isolated" - programs in the sandbox can access remote services.
# Port mapping settings below determine which services
# running in the sandbox can be accessed from the host and
# which services running on the host can be accessed from
# the sandbox.
#
# "isolated" still allows outbound connections, so any file or
# variable exposed above can be sent off-host by a sandboxed program.
# Switch to "off" per environment where the network is not needed.
mode = "isolated"
# TCP ports published from the sandbox.
#
# Entries have the form: [host_ip/][HOST_PORT:]DROP_PORT
# If host_ip is not specified, it defaults to 127.0.0.1.
# If HOST_PORT is not specified, it defaults to DROP_PORT.
# Empty list means no ports are exposed.
# Example valid list items:
# "8080" - publish port 8080 from the sandbox as 127.0.0.1:8080 on the host
# "8080:8000" - publish port 8000 from the sandbox as 127.0.0.1:8080
# on the host
# "0.0.0.0/8080:8000" - publish port 8000 from the sandbox as 8080 on
# the host, bind it to all the host's IP
# addresses. This makes the port externally
# accessible if the host has no firewall rules
# to block outside traffic to this port
# "auto" - all ports open in the sandbox are automatically published
# and bound to ALL the host's IP addresses. This is
# convenient, but must be used with care, make sure the host
# has firewall configured to filter outside traffic.
# Prefer listing the specific ports you need over "auto";
# a sandboxed program can otherwise expose any listener it
# opens to the network.
tcp_published_ports = []
# UDP ports published from the sandbox. Same entry forms and the same
# caveats as tcp_published_ports.
udp_published_ports = []
# Localhost TCP ports open on the host that the sandbox can access.
# Entries have the form
# HOST_PORT[:DROP_PORT]
# If DROP_PORT is not specified, it defaults to HOST_PORT
#
# Services bound to 127.0.0.1 often treat any local client as trusted
# (no authentication). Forwarding such a port gives sandboxed programs
# that same trust, so list only services that can take untrusted
# clients.
tcp_host_ports = []
# Localhost UDP ports open on the host that the sandbox can access.
# Same entry form and the same trust caveat as tcp_host_ports.
udp_host_ports = []