“Do, or do not. There is no try.”
We’re setting out to change that.
Description
try lets you run a command and inspect its effects before changing your live system. try uses Linux’s namespaces (via unshare) and the overlayfs union filesystem.
Please note that try is a prototype and not a full sandbox, and should not be used to execute
commands that you don’t already trust on your system, (i.e. devices in /dev are
mounted in the sandbox, and network calls are all allowed.) Please do not
attempt any commands that will remove everything in /dev or write zeros to your
disks.
Getting Started
Dependencies
Has been tested on the following distributions:
Ubuntu 20.04 LTSor laterDebian 12Centos 9 Stream 5.14.0-325.el9Arch 6.1.33-1-ltsAlpine 6.1.34-1-ltsRocky 9 5.14.0-284.11.1.el9_2
Installing
You only need the try script, which you can download by cloning this repository:
$ git clone https://github.com/binpash/try.git
Example Usage
try is a higher-order command, like xargs, exec, nohup, or find. For example, to install a package via pip3, you can invoke try as follows:
$ try pip3 install libdash ... # output continued below
By default, try will ask you to commit the changes made at the end of its execution.
$ try -n "curl https://sh.rustup.rs | sh" /tmp/tmp.uCThKq7LBK
Alternatively, you can specify your own overlay directory as follows (note that you’ll have to create the sandbox directory first)
$ try -D rustup-sandbox "curl https://sh.rustup.rs | sh" $ ls rustup-sandbox temproot upperdir workdir
As you can see from the output above, try has created an overlay environment in the rustup-sandbox directory.
Manually inspecting upperdir reveals the changes to the files made inside the overlay during the execution of the previous command with try:
~/try/rustup-sandbox/upperdir$ du -hs . 1.2G .
You can inspect the changes made inside a given overlay directory using try:
$ try summary rustup-sandbox/ | head Changes detected in the following files: rustup-sandbox//upperdir/home/ubuntu/.profile (modified/added) rustup-sandbox//upperdir/home/ubuntu/.bashrc (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/update-hashes/stable-x86_64-unknown-linux-gnu (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/settings.toml (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/libstd-8389830094602f5a.so (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/lldb_commands (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/gdb_lookup.py (modified/added)
You can also choose to commit the overlay directory contents:
$ try commit rustup-sandbox
Known Issues
Any command that interacts with other users/groups will fail since only the
current user’s UID/GID are mapped. However, the future
branch has support for uid/mapping,
please refer to the that branch’s readme for installation instructions for the
uid/gidmapper.
Please also report any issue you run into while using the future branch!
Version History
- 0.1.0
- Initial Release
License
This project is licensed under the MIT License – see LICENSE for details.
Copyright (c) 2023 The PaSh Authors.
