Init repo

.gitattributes

@@ -0,0 +1 @@
+*.tar filter=lfs diff=lfs merge=lfs -text

README.md

@@ -0,0 +1,121 @@
+## Conty
+
+This is an easy to use non-root container compressed into squashfs and packed 
+into a single executable that runs (or at least should run) on most Linux distros.
+
+You can use it to run any applications, including games (Vulkan and OpenGL). 
+Besides, due to bubblewrap, Conty also supports true filesystem sandboxing, so you can even use it to sandbox
+your applications.
+
+It uses two technologies:
+* SuqashFS
+* Linux namespaces (using bubblewrap)
+
+## Benefits
+
+* Single executable - download and run, nothing else it required
+* Compressed into squashfs, so it takes much less disk space than
+unpacked containers.
+* Contains many libraries so it can run almost everything. And you don't
+need to install anything on your host system. You can even run 32-bit applications
+on pure 64-bit systems.
+* Based on Arch Linux, so it contains latest software, including latest
+videodrivers.
+* Almost completely seamless experience. All applcation that you run
+with Conty store their configs in your HOME directory as if you wouldn't
+use container at all.
+* Supports filesystem sandboxing
+
+## Requirements
+
+The only requirements are bash, fuse2 and tar. And your /tmp directory
+should allow binaries execution (which it does by default on most distros).
+
+Also, your Linux kernel must support unprivileged user namespaces. On some 
+Linux distros this feature is disabled by default and can be enabled with sysfs:
+
+```
+sysctl kernel.unprivileged_userns_clone=1
+```
+
+or
+
+```
+echo 1 > /proc/sys/kernel/unprivileged_userns_clone
+```
+
+## Usage
+
+Either download ready-to-use executable from the releases page or create your
+own (the instructions are below). Make it executable before run.
+
+```
+chmod +x conty.sh
+./conty.sh command command_arguments
+```
+
+For example, if you want to run some application from your HOME directory run:
+
+```
+./conty.sh /home/username/App/application_binary
+```
+
+Conty also contains Steam, Lutris, Wine-Staging and much more.
+
+```
+./conty.sh steam
+./conty.sh lutris
+./conty.sh wine app.exe
+```
+
+Want to check if your graphics acceleration works? Run glxinfo and glxgears:
+
+```
+./conty.sh glxinfo | grep direct
+./conty.sh glxgears
+```
+
+List all built-in binaries with:
+
+```
+./conty.sh ls /usr/bin
+```
+
+## Sandbox
+
+Conty uses bubblewrap and thus support filesystem sandboxing. By default
+it's disabled and all directories on your system are available for the container. 
+
+You can enable sandboxing with the SANDBOX environment variable. You can allow 
+access to directories you want with the WHITELIST_DIRS variable. And it's 
+also possible to disable network with the DISABLE_NET. For example:
+
+```
+export DISABLE_NET=1
+export SANDBOX=1
+export WHITELIST_DIRS="/home/username/.cache /opt /home/username/Downloads"
+./conty.sh command
+```
+
+## How to create your own Conty executable
+
+If you want to create Arch-based container then use the create-arch-bootstrap.sh script. Root rights
+are required for this step, because chrooting is used here.
+
+```
+./create-arch-bootstrap.sh
+```
+
+You can edit the script, if you want to include different set of packages inside
+the container.
+
+If want to use some other distro then you need to manually obtain it from somewhere.
+
+When distro bootsrap is obtained, use create-conty.sh script to pack
+everything into a single executable.
+
+```
+./create-conty.sh
+```
+
+Done!

create-arch-bootstrap.sh

@@ -0,0 +1,412 @@
+#!/usr/bin/env bash
+
+# Dependencies: wget tar gzip
+# Root rights are required
+
+if [ $EUID != 0 ]; then
+	echo "Root rights are required!"
+ 
+	exit 1
+fi
+
+script_dir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
+
+mount_chroot () {
+	# First unmount just in case
+	umount -Rl "${bootstrap}"
+	
+	mount --bind "${bootstrap}" "${bootstrap}"
+	mount --bind /dev "${bootstrap}"/dev
+	mount --bind /dev/shm "${bootstrap}"/dev/shm
+	mount --bind /dev/pts "${bootstrap}"/dev/pts
+	mount --bind /proc "${bootstrap}"/proc
+	mount --bind /sys "${bootstrap}"/sys
+	mount --bind /etc/resolv.conf "${bootstrap}"/etc/resolv.conf
+}
+
+unmount_chroot () {
+	umount -Rl "${bootstrap}"
+}
+
+run_in_chroot () {
+	chroot "${bootstrap}" /usr/bin/env LANG=en_US.UTF-8 TERM=xterm PATH="/bin:/sbin:/usr/bin:/usr/sbin" "$@"
+}
+
+generate_localegen () {
+	cat <<EOF > locale.gen
+aa_DJ.UTF-8 UTF-8  
+aa_ER UTF-8  
+aa_ER@saaho UTF-8  
+aa_ET UTF-8  
+af_ZA.UTF-8 UTF-8  
+agr_PE UTF-8  
+ak_GH UTF-8  
+am_ET UTF-8  
+an_ES.UTF-8 UTF-8  
+anp_IN UTF-8  
+ar_AE.UTF-8 UTF-8  
+ar_BH.UTF-8 UTF-8  
+ar_DZ.UTF-8 UTF-8  
+ar_EG.UTF-8 UTF-8  
+ar_IN UTF-8  
+ar_IQ.UTF-8 UTF-8  
+ar_JO.UTF-8 UTF-8  
+ar_KW.UTF-8 UTF-8  
+ar_LB.UTF-8 UTF-8  
+ar_LY.UTF-8 UTF-8  
+ar_MA.UTF-8 UTF-8  
+ar_OM.UTF-8 UTF-8  
+ar_QA.UTF-8 UTF-8  
+ar_SA.UTF-8 UTF-8  
+ar_SD.UTF-8 UTF-8  
+ar_SS UTF-8  
+ar_SY.UTF-8 UTF-8  
+ar_TN.UTF-8 UTF-8  
+ar_YE.UTF-8 UTF-8  
+ayc_PE UTF-8  
+az_AZ UTF-8  
+az_IR UTF-8  
+as_IN UTF-8  
+ast_ES.UTF-8 UTF-8  
+be_BY.UTF-8 UTF-8  
+be_BY@latin UTF-8  
+bem_ZM UTF-8  
+ber_DZ UTF-8  
+ber_MA UTF-8  
+bg_BG.UTF-8 UTF-8  
+bhb_IN.UTF-8 UTF-8  
+bho_IN UTF-8  
+bho_NP UTF-8  
+bi_VU UTF-8  
+bn_BD UTF-8  
+bn_IN UTF-8  
+bo_CN UTF-8  
+bo_IN UTF-8  
+br_FR.UTF-8 UTF-8  
+brx_IN UTF-8  
+bs_BA.UTF-8 UTF-8  
+byn_ER UTF-8  
+ca_AD.UTF-8 UTF-8  
+ca_ES.UTF-8 UTF-8  
+ca_ES@valencia UTF-8  
+ca_FR.UTF-8 UTF-8  
+ca_IT.UTF-8 UTF-8  
+ce_RU UTF-8  
+chr_US UTF-8  
+ckb_IQ UTF-8  
+crh_UA UTF-8  
+cs_CZ.UTF-8 UTF-8  
+csb_PL UTF-8  
+cv_RU UTF-8  
+cy_GB.UTF-8 UTF-8  
+da_DK.UTF-8 UTF-8  
+de_AT.UTF-8 UTF-8  
+de_BE.UTF-8 UTF-8  
+de_CH.UTF-8 UTF-8  
+de_DE.UTF-8 UTF-8  
+de_IT.UTF-8 UTF-8  
+de_LI.UTF-8 UTF-8  
+de_LU.UTF-8 UTF-8  
+doi_IN UTF-8  
+dsb_DE UTF-8  
+dv_MV UTF-8  
+dz_BT UTF-8  
+el_GR.UTF-8 UTF-8  
+el_CY.UTF-8 UTF-8  
+en_AG UTF-8  
+en_AU.UTF-8 UTF-8  
+en_BW.UTF-8 UTF-8  
+en_CA.UTF-8 UTF-8  
+en_DK.UTF-8 UTF-8  
+en_GB.UTF-8 UTF-8  
+en_HK.UTF-8 UTF-8  
+en_IE.UTF-8 UTF-8  
+en_IL UTF-8  
+en_IN UTF-8  
+en_NG UTF-8  
+en_NZ.UTF-8 UTF-8  
+en_PH.UTF-8 UTF-8  
+en_SC.UTF-8 UTF-8  
+en_SG.UTF-8 UTF-8  
+en_US.UTF-8 UTF-8  
+en_ZA.UTF-8 UTF-8  
+en_ZM UTF-8  
+en_ZW.UTF-8 UTF-8  
+eo UTF-8  
+es_AR.UTF-8 UTF-8  
+es_BO.UTF-8 UTF-8  
+es_CL.UTF-8 UTF-8  
+es_CO.UTF-8 UTF-8  
+es_CR.UTF-8 UTF-8  
+es_CU UTF-8  
+es_DO.UTF-8 UTF-8  
+es_EC.UTF-8 UTF-8  
+es_ES.UTF-8 UTF-8  
+es_GT.UTF-8 UTF-8  
+es_HN.UTF-8 UTF-8  
+es_MX.UTF-8 UTF-8  
+es_NI.UTF-8 UTF-8  
+es_PA.UTF-8 UTF-8  
+es_PE.UTF-8 UTF-8  
+es_PR.UTF-8 UTF-8  
+es_PY.UTF-8 UTF-8  
+es_SV.UTF-8 UTF-8  
+es_US.UTF-8 UTF-8  
+es_UY.UTF-8 UTF-8  
+es_VE.UTF-8 UTF-8  
+et_EE.UTF-8 UTF-8  
+eu_ES.UTF-8 UTF-8  
+fa_IR UTF-8  
+ff_SN UTF-8  
+fi_FI.UTF-8 UTF-8  
+fil_PH UTF-8  
+fo_FO.UTF-8 UTF-8  
+fr_BE.UTF-8 UTF-8  
+fr_CA.UTF-8 UTF-8  
+fr_CH.UTF-8 UTF-8  
+fr_FR.UTF-8 UTF-8  
+fr_LU.UTF-8 UTF-8  
+fur_IT UTF-8  
+fy_NL UTF-8  
+fy_DE UTF-8  
+ga_IE.UTF-8 UTF-8  
+gd_GB.UTF-8 UTF-8  
+gez_ER UTF-8  
+gez_ER@abegede UTF-8  
+gez_ET UTF-8  
+gez_ET@abegede UTF-8  
+gl_ES.UTF-8 UTF-8  
+gu_IN UTF-8  
+gv_GB.UTF-8 UTF-8  
+ha_NG UTF-8  
+hak_TW UTF-8  
+he_IL.UTF-8 UTF-8  
+hi_IN UTF-8  
+hif_FJ UTF-8  
+hne_IN UTF-8  
+hr_HR.UTF-8 UTF-8  
+hsb_DE.UTF-8 UTF-8  
+ht_HT UTF-8  
+hu_HU.UTF-8 UTF-8  
+hy_AM UTF-8  
+ia_FR UTF-8  
+id_ID.UTF-8 UTF-8  
+ig_NG UTF-8  
+ik_CA UTF-8  
+is_IS.UTF-8 UTF-8  
+it_CH.UTF-8 UTF-8  
+it_IT.UTF-8 UTF-8  
+iu_CA UTF-8  
+ja_JP.UTF-8 UTF-8  
+ka_GE.UTF-8 UTF-8  
+kab_DZ UTF-8  
+kk_KZ.UTF-8 UTF-8  
+kl_GL.UTF-8 UTF-8  
+km_KH UTF-8  
+kn_IN UTF-8  
+ko_KR.UTF-8 UTF-8  
+kok_IN UTF-8  
+ks_IN UTF-8  
+ks_IN@devanagari UTF-8  
+ku_TR.UTF-8 UTF-8  
+kw_GB.UTF-8 UTF-8  
+ky_KG UTF-8  
+lb_LU UTF-8  
+lg_UG.UTF-8 UTF-8  
+li_BE UTF-8  
+li_NL UTF-8  
+lij_IT UTF-8  
+ln_CD UTF-8  
+lo_LA UTF-8  
+lt_LT.UTF-8 UTF-8  
+lv_LV.UTF-8 UTF-8  
+lzh_TW UTF-8  
+mag_IN UTF-8  
+mai_IN UTF-8  
+mai_NP UTF-8  
+mfe_MU UTF-8  
+mg_MG.UTF-8 UTF-8  
+mhr_RU UTF-8  
+mi_NZ.UTF-8 UTF-8  
+miq_NI UTF-8  
+mjw_IN UTF-8  
+mk_MK.UTF-8 UTF-8  
+ml_IN UTF-8  
+mn_MN UTF-8  
+mni_IN UTF-8  
+mnw_MM UTF-8  
+mr_IN UTF-8  
+ms_MY.UTF-8 UTF-8  
+mt_MT.UTF-8 UTF-8  
+my_MM UTF-8  
+nan_TW UTF-8  
+nan_TW@latin UTF-8  
+nb_NO.UTF-8 UTF-8  
+nds_DE UTF-8  
+nds_NL UTF-8  
+ne_NP UTF-8  
+nhn_MX UTF-8  
+niu_NU UTF-8  
+niu_NZ UTF-8  
+nl_AW UTF-8  
+nl_BE.UTF-8 UTF-8  
+nl_NL.UTF-8 UTF-8  
+nn_NO.UTF-8 UTF-8  
+nr_ZA UTF-8  
+nso_ZA UTF-8  
+oc_FR.UTF-8 UTF-8  
+om_ET UTF-8  
+om_KE.UTF-8 UTF-8  
+or_IN UTF-8  
+os_RU UTF-8  
+pa_IN UTF-8  
+pa_PK UTF-8  
+pap_AW UTF-8  
+pap_CW UTF-8  
+pl_PL.UTF-8 UTF-8  
+ps_AF UTF-8  
+pt_BR.UTF-8 UTF-8  
+pt_PT.UTF-8 UTF-8  
+quz_PE UTF-8  
+raj_IN UTF-8  
+ro_RO.UTF-8 UTF-8  
+ru_RU.UTF-8 UTF-8  
+ru_UA.UTF-8 UTF-8  
+rw_RW UTF-8  
+sa_IN UTF-8  
+sah_RU UTF-8  
+sat_IN UTF-8  
+sc_IT UTF-8  
+sd_IN UTF-8  
+sd_IN@devanagari UTF-8  
+se_NO UTF-8  
+sgs_LT UTF-8  
+shn_MM UTF-8  
+shs_CA UTF-8  
+si_LK UTF-8  
+sid_ET UTF-8  
+sk_SK.UTF-8 UTF-8  
+sl_SI.UTF-8 UTF-8  
+sm_WS UTF-8  
+so_DJ.UTF-8 UTF-8  
+so_ET UTF-8  
+so_KE.UTF-8 UTF-8  
+so_SO.UTF-8 UTF-8  
+sq_AL.UTF-8 UTF-8  
+sq_MK UTF-8  
+sr_ME UTF-8  
+sr_RS UTF-8  
+sr_RS@latin UTF-8  
+ss_ZA UTF-8  
+st_ZA.UTF-8 UTF-8  
+sv_FI.UTF-8 UTF-8  
+sv_SE.UTF-8 UTF-8  
+sw_KE UTF-8  
+sw_TZ UTF-8  
+szl_PL UTF-8  
+ta_IN UTF-8  
+ta_LK UTF-8  
+tcy_IN.UTF-8 UTF-8  
+te_IN UTF-8  
+tg_TJ.UTF-8 UTF-8  
+th_TH.UTF-8 UTF-8  
+the_NP UTF-8  
+ti_ER UTF-8  
+ti_ET UTF-8  
+tig_ER UTF-8  
+tk_TM UTF-8  
+tl_PH.UTF-8 UTF-8  
+tn_ZA UTF-8  
+to_TO UTF-8  
+tpi_PG UTF-8  
+tr_CY.UTF-8 UTF-8  
+tr_TR.UTF-8 UTF-8  
+ts_ZA UTF-8  
+tt_RU UTF-8  
+tt_RU@iqtelif UTF-8  
+ug_CN UTF-8  
+uk_UA.UTF-8 UTF-8  
+unm_US UTF-8  
+ur_IN UTF-8  
+ur_PK UTF-8  
+uz_UZ.UTF-8 UTF-8  
+uz_UZ@cyrillic UTF-8  
+ve_ZA UTF-8  
+vi_VN UTF-8  
+wa_BE.UTF-8 UTF-8  
+wae_CH UTF-8  
+wal_ET UTF-8  
+wo_SN UTF-8  
+xh_ZA.UTF-8 UTF-8  
+yi_US.UTF-8 UTF-8  
+yo_NG UTF-8  
+yue_HK UTF-8  
+yuw_PG UTF-8  
+zh_CN.UTF-8 UTF-8  
+zh_HK.UTF-8 UTF-8  
+zh_SG.UTF-8 UTF-8  
+zh_TW.UTF-8 UTF-8  
+zu_ZA.UTF-8 UTF-8  
+EOF
+}
+
+generate_mirrorlist () {
+	cat <<EOF > mirrorlist
+Server = https://ftp.halifax.rwth-aachen.de/archlinux/\$repo/os/\$arch
+Server = https://mirror.pseudoform.org/\$repo/os/\$arch
+Server = https://archlinux.thaller.ws/\$repo/os/\$arch
+Server = https://mirror.chaoticum.net/arch/\$repo/os/\$arch
+Server = https://mirror.f4st.host/archlinux/\$repo/os/\$arch
+EOF
+}
+
+cd "${script_dir}" || exit 1
+
+bootstrap="${script_dir}"/root.x86_64
+
+packagelist="base nano mesa lib32-mesa vulkan-radeon lib32-vulkan-radeon \
+			vulkan-icd-loader lib32-vulkan-icd-loader nvidia-utils \
+			lib32-nvidia-utils lib32-alsa-plugins wine-staging mesa-demos \
+			vulkan-tools gst-plugins-good gst-plugins-bad gst-plugins-ugly \
+			lib32-gst-plugins-good ttf-dejavu ttf-liberation lib32-openal \
+			lib32-vkd3d vkd3d lib32-libva vulkan-intel lib32-vulkan-intel \
+			winetricks lutris steam"
+
+wget -q "https://archlinux.org/download/"
+current_release="$(cat index.html | grep "Current Release" | tail -c -16 | head -c +10)"
+rm index.html
+
+echo "Downloading ${current_release} release"
+wget -q --show-progress -O arch.tar.gz https://mirror.rackspace.com/archlinux/iso/${current_release}/archlinux-bootstrap-${current_release}-x86_64.tar.gz
+tar xf arch.tar.gz
+rm arch.tar.gz
+
+mount_chroot
+
+generate_localegen
+generate_mirrorlist
+
+rm "${bootstrap}"/etc/locale.gen
+cp locale.gen "${bootstrap}"/etc/locale.gen
+rm locale.gen
+
+rm "${bootstrap}"/etc/pacman.d/mirrorlist
+cp mirrorlist "${bootstrap}"/etc/pacman.d/mirrorlist
+rm mirrorlist
+
+echo "[multilib]" >> "${bootstrap}"/etc/pacman.conf
+echo "Include = /etc/pacman.d/mirrorlist" >> "${bootstrap}"/etc/pacman.conf
+
+run_in_chroot pacman-key --init
+run_in_chroot pacman-key --populate archlinux
+run_in_chroot pacman -Syu --noconfirm
+run_in_chroot pacman --noconfirm -S ${packagelist}
+run_in_chroot pacman --noconfirm -Scc
+run_in_chroot locale-gen
+
+rm "${bootstrap}"/var/cache/pacman/pkg/*
+
+unmount_chroot
+
+clear
+echo "Done"

create-conty.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# Dependencies: squashfs-tools zstd lz4
+
+script_dir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
+
+# Builtin suqashfuse supports only lz4 and zstd
+# So choose either lz4 or zstd
+squashfs_compressor="zstd"
+compressor_arguments="-Xcompression-level 19"
+
+bootstrap="${script_dir}"/root.x86_64
+
+cd "${script_dir}" || exit 1
+
+if [ ! -f utils.tar ]; then
+	echo "utils.tar is required!"
+	exit 1
+fi
+
+if [ ! -f squashfs-start.sh ]; then
+	echo "squashfs-start.sh is required!"
+	exit 1
+fi
+
+if ! command -v mksquashfs 1>/dev/null; then
+	echo "Please install squashfs-tools and run the script again"
+	exit 1
+fi
+
+if [ ! -d "${bootstrap}" ]; then
+	echo "Bootstrap is required!"
+	exit 1
+fi
+
+echo
+echo "Creating conty..."
+echo
+
+# Create the squashfs image
+rm -f bootstrap.squashfs
+mksquashfs "${bootstrap}" bootstrap.squashfs -comp $squashfs_compressor $compressor_arguments
+
+# Combine the files into a single executable using cat
+cat squashfs-start.sh utils.tar bootstrap.squashfs > conty.sh
+chmod +x conty.sh
+
+clear
+echo "Conty created and ready to use!"

squashfs-start.sh

@@ -0,0 +1,159 @@
+#!/usr/bin/env bash
+
+## Dependencies: fuse2 tar
+
+# Prevent launching as root
+if [ -z $ALLOW_ROOT ]; then
+	if [ $EUID = 0 ]; then
+		echo "Do not run this app as root!"
+		echo
+		echo "If you really need to run it as root, set ALLOW_ROOT env variable."
+   
+		exit 1
+	fi
+fi
+
+# Full path to the script
+script="$(readlink -f "${BASH_SOURCE[0]}")"
+
+# Working directory where squashfs image will be mounted
+# Default path: /tmp/scriptname_username_randomnumber
+working_dir=/tmp/"$(basename "$0")"_"$(id -un)"_$RANDOM
+
+# It's important to set correct sizes below, otherwise there will be
+# a problem with mounting the squashfs image due to an incorrectly calculated offset.
+
+# The size of this script
+scriptsize=4178
+
+# The size of the utils.tar archive
+# utils.tar contains bwrap and squashfuse binaries
+utilssize=1259520
+
+# Offset where the squashfs image is stored
+offset=$((scriptsize+utilssize))
+
+if [ "$1" = "--help" ] || [ "$1" = "-h" ] || [ -z "$1" ]; then
+    echo "Usage: ./conty.sh command command_arguments"
+    echo
+	echo "Arguments:"
+	echo
+	echo -e "-e \tExtract app files"
+	echo -e "-o \tShow squashfs offset"
+	
+	echo
+	echo "Environment variables:"
+	echo
+	echo -e "DISABLE_NET \tDisables network access"
+	echo -e "SANDBOX \tEnables filesystem sandbox"
+	echo -e "WHITELIST_DIRS \tWorks together with SANDBOX variable"
+	echo -e "\t\tAllows access to directories specified (separated by space)"
+	echo -e "\t\tin this variable. All specified directories must exist."
+	echo -e "\t\tFor example, WHITELIST_DIRS=\"/home/username/.config /opt/bin\""
+	echo
+	echo "If you enable SANDBOX but don't set WHITELIST_DIRS, then"
+	echo "no directories will be available at all. And a fake temporary HOME"
+	echo "directory will be created inside the container."
+
+	exit
+elif [ "$1" = "-e" ]; then
+	if command -v unsquashfs 1>/dev/null; then
+		unsquashfs -o $offset -d "$(basename "$0")"_files "${script}"
+	else
+		echo "To extract the image install squashfs-tools."
+	fi
+	
+	exit
+elif [ "$1" = "-o" ]; then
+	echo $offset
+	
+	exit
+fi
+
+# Check if FUSE2 is installed
+if command -v fusermount 1>/dev/null; then
+	fmount=fusermount
+else
+	echo "Please install fuse2 and run the app again"
+	
+	exit 1
+fi
+
+# Extract utils.tar
+mkdir -p "${working_dir}"
+tail -c +$((scriptsize+1)) "${script}" | head -c $utilssize > "${working_dir}"/utils.tar
+tar -C "${working_dir}" -xf "${working_dir}"/utils.tar
+rm "${working_dir}"/utils.tar
+
+export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${working_dir}/utils"
+sfuse="${working_dir}"/utils/squashfuse
+bwrap="${working_dir}"/utils/bwrap
+
+chmod +x "${sfuse}"
+chmod +x "${bwrap}"
+
+run_bwrap () {
+	unshare="--unshare-user --unshare-pid --unshare-uts --unshare-cgroup"
+
+	if [ -n "$DISABLE_NET" ]; then
+		echo "Network is disabled"
+		
+		net="--unshare-net"
+	fi
+	
+	if [ -n "$SANDBOX" ]; then
+		echo "Filesystem sandbox is enabled"
+	
+		dirs="--tmpfs /home --tmpfs /opt --tmpfs /mnt --dir ${HOME}"
+
+		if [ -n "$WHITELIST_DIRS" ]; then
+			echo "Allowed directories: ${WHITELIST_DIRS}"
+		
+			for i in ${WHITELIST_DIRS}; do
+				whitelist="${whitelist} --bind ${i} ${i}"
+			done
+		fi
+
+		dirs="${dirs} ${whitelist}"
+	else
+		dirs="--bind /home /home --bind-try /mnt /mnt --bind-try /opt /opt"
+	fi
+	
+	echo
+
+	"${bwrap}" --ro-bind "${working_dir}"/mnt / \
+			--dev-bind /dev /dev \
+			--ro-bind /sys /sys \
+			--bind /run /run \
+			--bind /var /var \
+			--bind /tmp /tmp \
+			--ro-bind-try /etc/resolv.conf /etc/resolv.conf \
+			--ro-bind-try /etc/hosts /etc/hosts \
+			--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf \
+			--proc /proc \
+			--ro-bind-try /usr/local /usr/local \
+			${dirs} ${unshare} ${net} \
+			--hostname Conty \
+			--setenv PATH "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \
+			"$@"
+}
+
+# Mount boostrap image
+mkdir -p "${working_dir}"/mnt
+"${fmount}" -u "${working_dir}"/mnt 2>/dev/null || umount "${working_dir}"/mnt 2>/dev/null
+
+"${sfuse}" -o offset="${offset}" "${script}" "${working_dir}"/mnt
+if [ $? = 0 ]; then
+	echo "Running Conty"
+	run_bwrap "$@"
+
+	"${fmount}" -uz "${working_dir}"/mnt 2>/dev/null || umount --lazy "${working_dir}"/mnt 2>/dev/null
+else
+	echo "Mounting the squashfs image failed!"
+	
+	exit 1
+fi
+
+rm -rf "${working_dir}"
+
+exit

utils.tar

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d1c0d735e42d154850d5d9044a662d16b83f62219e86336d87a0df4c09cc7cd2
+size 1259520