Boxxy puts bad Linux applications in a box with only their files.

Related tags

Command-line boxxy
Overview

boxxy

boxxy is a tool for boxing up misbehaving Linux applications and forcing them to put their files and directories in the right place, without symlinks!

Linux-only! boxxy uses Linux namespaces for its functionality.

For example, consider tmux. It wants to put its config in ~/.tmux.conf. With boxxy, you can put its config in ~/.config/tmux/tmux.conf instead:

# ~/.config/boxxy/boxxy.yaml
rules:
- name: "redirect tmux config from ~/.tmux.conf to ~/.config/tmux/tmux.conf"
  target: "~/.tmux.conf"
  rewrite: "~/.config/tmux/tmux.conf"
  mode: "file"

asciicast

motivation

I recently had to use the AWS CLI. It wants to save data in ~/.aws, but I don't want it to just clutter up my $HOME however it wants. boxxy lets me force it to puts its data somewhere nice and proper.

features

  • box any program and force it to put its files/directories where you want it to
  • context-dependent boxing, ie different rules apply in different directories depending on your configuration
  • minimal overhead
  • opt-in immutable fs outside of rule rewrites, ie only the files/directories you specify in rules are writable

potential drawbacks

  • new project, 0.x.y, comes with all those warnings
  • cannot use sudo inside the container (see #6)
  • primarily tested for my use-cases

example usage

loaded 1 rules INFO boxxy::enclosure > applying rule 'Store AWS CLI config in ~/.config/aws' INFO boxxy::enclosure > redirect: ~/.aws -> ~/.config/aws INFO boxxy::enclosure > boxed "aws" ♥ AWS Access Key ID [****************d]: a AWS Secret Access Key [****************c]: b Default region name [b]: c Default output format [a]: d git:(mistress) | ▶ ls ~/.aws git:(mistress) | ▶ ls ~/.config/aws config credentials git:(mistress) | ▶ cat ~/.config/aws/config [default] region = c output = d git:(mistress) | ▶">
git:(mistress) | ▶  cat ~/.config/boxxy/boxxy.yaml
rules:
- name: "Store AWS CLI config in ~/.config/aws"
  target: "~/.aws"
  rewrite: "~/.config/aws"

git:(mistress) | ▶  boxxy aws configure
 INFO  boxxy > loaded 1 rules
 INFO  boxxy::enclosure > applying rule 'Store AWS CLI config in ~/.config/aws'
 INFO  boxxy::enclosure > redirect: ~/.aws -> ~/.config/aws
 INFO  boxxy::enclosure > boxed "aws" ♥
AWS Access Key ID [****************d]: a
AWS Secret Access Key [****************c]: b
Default region name [b]: c
Default output format [a]: d
git:(mistress) | ▶  ls ~/.aws
git:(mistress) | ▶  ls ~/.config/aws
config  credentials
git:(mistress) | ▶  cat ~/.config/aws/config
[default]
region = c
output = d
git:(mistress) |

suggested usage

  • alias aws="boxxy aws" (repeat for other tools)
  • use contexts to keep project configs separate on disk
  • dotfiles!
  • stop using symlinks!!!

configuration

The boxxy configuration file lives in ~/.config/boxxy/boxxy.yaml. If none exists, an empty one will be created for you.

rules:
# The name of the rule. User-friendly name for your reference
- name: "redirect aws-cli from ~/.aws to ~/.config/aws"
  # The target of the rule, ie the file/directory that will be shadowed by the
  # rewrite.
  target: "~/.aws"
  # The rewrite of the rule, ie the file/directory that will be used instead of
  # the target.
  rewrite: "~/.config/aws"
- name: "use different k8s configs when in ~/Projects/my-cool-startup"
  target: "~/.kube/config"
  rewrite: "~/Projects/my-cool-startup/.kube/config"
  # The context for the rule. Any paths listed in the context are paths where
  # this rule will apply. If no context is specified, the rule applies
  # globally.
  context:
  - "~/Projects/my-cool-startup"
  # The mode of this rule, either `directory` or `file`. `directory` is the
  # default. Must be specified for the correct behaviour when the target is a
  # file. Required because the target file/directory may not exist yet.
  mode: "file"
  # The list of commands that this rule applies to. If no commands are
  # specified, the rule applies to all programs run with boxxy.
  only:
  - "kubectl"

syntax

rules:
- name: "any valid string" # required
  target: "path" # required
  rewrite: "path" # required
  context: # optional
  - "path"
  - "path"
  mode: "directory | file" # optional
  only: # optional
  - "binary name"
  - "binary name"

developing

  1. set up pre-commit: pre-commit install
  2. make sure it builds: cargo build
  3. do the thing!
  4. test with the command of your choice, ex. cargo run -- ls -lah ~/.config

how does it work?

  • create temporary directory in /tmp
  • set up new user/mount namespace
  • bind-mount / to tmp directory
  • bind-mount rule mounts rw so that target programs can use them
  • remount / ro
  • run!
Comments
  • Run graphical applications.

    Run graphical applications.

    I recently tried to box a graphical application (Bitwig Studio) and it throws an error cannot open display :0.

    Would it be possible to add support for graphical applications?

    Is there a work-around?

    opened by vagos 7
  • Target read-only files/directories

    Target read-only files/directories

    Right now, targeting read-only files or directories fails (with a panic).

    Supporting this case would be useful for (examples):

    • re-map the location of configuration files that are not supposed to be modified by the target application
    • provide modified/program-local system configuration files for a specific target application

    In any case, this should probably not fail with a panic!

    opened by yannleretaille 3
  • How can I use boxxy to install boxxy?

    How can I use boxxy to install boxxy?

    install.sh is misbehaving and wants to put it's binary to ~/bin AND NOT ~/.local/bin which is XDG standard?

    I want to use boxxy to install.sh to ~/.local/bin ?

    Or might it be possible to customize the path in install.sh?

    Anyway, cool idea. But too much work to write a config for every "misbehaving" application. A generic wrapper (scanning what bins are in your PATH) and a repository with predefined configs would be cool.

    opened by blurayne 2
  • User becomes nobody

    User becomes nobody

    Hi,

    thanks for this cool tool. Maybe this is a noob question, but when I use boxxy I become user nobody. This isn't intended, right?

    [clem@clem-t480s][~]$ boxxy whoami
     INFO  boxxy > loaded 1 rules
     INFO  boxxy::enclosure > applying rule 'redirect tmux config from ~/.tmux.conf to ~/.config/tmux/tmux.conf'
     INFO  boxxy::enclosure > redirect: ~/.tmux.conf -> ~/.config/tmux/tmux.conf
     INFO  boxxy::enclosure > boxed "whoami" ♥
    nobody
    

    I'm on Fedora 37 and bash.

    opened by clemisch 2
  • chore(deps): bump clap from 4.1.4 to 4.1.6

    chore(deps): bump clap from 4.1.4 to 4.1.6

    Bumps clap from 4.1.4 to 4.1.6.

    Release notes

    Sourced from clap's releases.

    v4.1.6

    [4.1.6] - 2023-02-15

    Fixes

    • (help) Don't show long help for --help just because hidden possible values include a description
    Changelog

    Sourced from clap's changelog.

    [4.1.6] - 2023-02-15

    Fixes

    • (help) Don't show long help for --help just because hidden possible values include a description

    [4.1.5] - 2023-02-15

    Fixes

    • (help) Don't show long help for --help just because a hidden arg has a possible value with a description
    Commits
    • 5e240dd chore: Release
    • 4648b6b docs: Update changelog
    • 8c92ef6 fix(help): Fix yet another --help long help edge case (#4712)
    • fb9435d chore: Release
    • 9270d23 docs: Update changelog
    • 473cf17 fix(help): Fix --help help text in edge case (#4710)
    • 62da8f9 Merge pull request #4711 from aleksanderkrauze/improve-builder-str-inner-into...
    • d6e7d46 Improve builder::str::inner::Inner::into_string implementation
    • ad5d676 Merge pull request #4696 from graves501/patch-1
    • ad6778d Fix typo in git.rs
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • tmux example is obsolete

    tmux example is obsolete

    While risking to be nit-picky: tmux 3.1+ (e.g. included in Debian 11 "bullseye") is capabable of using ~/.config/tmux/tmux.conf https://unix.stackexchange.com/questions/644819/is-it-possible-to-move-tmux-conf-to-config-folder

    (Apart from that, the general idea of boxxy seems communicated good enough. Cheers!)

    opened by benjamir 1
Releases(v0.3.4)
Owner
amy null
sometimes my code works. usually not. it/its / she/her. platform team lead @massdriver-cloud
amy null
*slaps roof of [programming language]* this bad boy can fit so much [syntax sugar] into it

An attempt to give myself a new Pareto-optimal choice for quick-and-dirty scripts, particularly when I'm not on a dev computer, and to practice writin

Brian Chen 985 Apr 25, 2023
BadDown is a simplistic and bad markup language inspired by Markdown.

BadDown BadDown is a simplistic and bad markup language inspired by Markdown. Features Simplicity: BadDown keeps it simple, with minimal syntax to cre

Moinhausen 3 Feb 5, 2024
CLI tool to find duplicate files based on their hashes.

Dupper Dupper is a CLI tool that helps you identify duplicate files based on their hashes (using the Seahash hashing algorithm). Installation You can

Rubén J.R. 4 Dec 27, 2022
FileSorterX is an automatic file sorting application that sorts your files into folders based on their file extension

FileSorterX is an automatic file sorting application that sorts your files into folders based on their file extension. With FileSorterX, you can easily keep your files organized and find what you need quickly.

Xanthus 22 Apr 4, 2023
Check the reproducibility status of your Arch Linux packages (read-only mirror)

arch-repro-status A CLI tool for querying the reproducibility status of the Arch Linux packages using data from a rebuilderd instance such as reproduc

Arch Linux 12 Nov 16, 2022
Shell Escape for Typst typesetting system. Linux Only.

Shell Escape for Typst This is a simple shell escape for Typst. It allows you to run shell commands directly from Typst compiler. That said, it does n

Nikolay Stepanov 4 Jun 7, 2023
A super simple /sbin/init for Linux which allows running one and only one program

Summary High-performance /sbin/init program for Linux This is designed to do literally nothing but accept binaries over the network and run them as a

null 19 Dec 4, 2023
Black-box integration tests for your REST API using the Rust and its test framework

restest Black-box integration test for REST APIs in Rust. This crate provides the [assert_api] macro that allows to declaratively test, given a certai

IOmentum 10 Nov 23, 2022
`boxy` - declarative box-drawing characters

boxy - declarative box-drawing characters Box-drawing characters are used extensively in text user interfaces software for drawing lines, boxes, and o

Miguel Young 7 Dec 30, 2022
Benson Box built on Substrate for a world UNcorporated.

Benson Box Benson Box built on Substrate. For getting started and technical guides, please refer to the Benson Wiki. Contributing All PRs are welcome!

Arthur·Thomas 13 Mar 13, 2022
Rudi - an out-of-the-box dependency injection framework for Rust.

Rudi Rudi - an out-of-the-box dependency injection framework for Rust. use rudi::{Context, Singleton, Transient}; // Register `fn(cx) -> A { A }` as

ZihanType 15 Aug 15, 2023
Rust Server Components. JSX-like syntax and async out of the box.

RSCx - Rust Server Components RSCx is a server-side HTML rendering engine library with a neat developer experience and great performance. Features: al

Antonio Pitasi 21 Sep 19, 2023
TMM is a Linux native game modding tool. it allows to install and depoly mods for Linux native and wine games.

Tux Mod Manager TMM is a Linux native mod manager made with the Tauri toolkit. It can install, load, remove and deploy mods for both Linux native and

Mathiew May 119 Dec 27, 2022
Mini Rust CLI to deploy sites to Netlify using their API

This is a Rust CLI that uses the Netlify API to deploy sites.

Benjamin Lannon 10 May 12, 2022
Oxygen is a voice journal and audio analysis toolkit for people who want to change the way their voice comes across.

Oxygen Voice Journal Oxygen is a voice journal and audio analysis toolkit for people who want to change the way their voice comes across. Or rather, i

Jocelyn Stericker 32 Oct 20, 2022
The library for those who need a little extra from their windows. ™

WinEx The library for those who need a little extra from their windows. ™ WinEx - Short for Window Extended - is a library whose goal is to implement

Matheus Branco Borella 2 Mar 27, 2022
trigger io::Error's in test, and annotate their source

fault-injection docs Similar to the try! macro or ? operator, but externally controllable to inject faults during testing. Unlike the try! macro or ?

Komora 18 Dec 16, 2022
Calculate a player's skill level using Elo, DWZ, Ingo, TrueSkill, Glicko and Glicko-2 algorithms known from their usage in chess and online games.

skillratings Skillratings allows you to calculate the player's skill instantly in 1v1 matches or after tournaments/rating periods with a list of resul

null 10 Dec 30, 2022
A command line tool for people of transgender experience to replace their deadname within a Git repo.

chowndn (Change Owner from Dead Name) A command line tool for people of transgender experience to replace their dead name within a Git repo. See chown

Christi Miller 23 Dec 6, 2022