“Do, or do not. There is no try.”
We’re setting out to change that.
Description
try
lets you run a command and inspect its effects before changing your live system. try
uses Linux’s namespaces (via unshare
) and the overlayfs union filesystem.
Please note that try
is a prototype and not a full sandbox, and should not be used to execute
commands that you don’t already trust on your system, (i.e. devices in /dev
are
mounted in the sandbox, and network calls are all allowed.) Please do not
attempt any commands that will remove everything in /dev or write zeros to your
disks.
Getting Started
Dependencies
Has been tested on the following distributions:
Ubuntu 20.04 LTS
or laterDebian 12
Centos 9 Stream 5.14.0-325.el9
Arch 6.1.33-1-lts
Alpine 6.1.34-1-lts
Rocky 9 5.14.0-284.11.1.el9_2
Installing
You only need the try
script, which you can download by cloning this repository:
$ git clone https://github.com/binpash/try.git
Example Usage
try
is a higher-order command, like xargs
, exec
, nohup
, or find
. For example, to install a package via pip3
, you can invoke try
as follows:
$ try pip3 install libdash ... # output continued below
By default, try will ask you to commit the changes made at the end of its execution.
$ try -n "curl https://sh.rustup.rs | sh" /tmp/tmp.uCThKq7LBK
Alternatively, you can specify your own overlay directory as follows (note that you’ll have to create the sandbox directory first)
$ try -D rustup-sandbox "curl https://sh.rustup.rs | sh" $ ls rustup-sandbox temproot upperdir workdir
As you can see from the output above, try has created an overlay environment in the rustup-sandbox directory.
Manually inspecting upperdir reveals the changes to the files made inside the overlay during the execution of the previous command with try:
~/try/rustup-sandbox/upperdir$ du -hs . 1.2G .
You can inspect the changes made inside a given overlay directory using try:
$ try summary rustup-sandbox/ | head Changes detected in the following files: rustup-sandbox//upperdir/home/ubuntu/.profile (modified/added) rustup-sandbox//upperdir/home/ubuntu/.bashrc (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/update-hashes/stable-x86_64-unknown-linux-gnu (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/settings.toml (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/libstd-8389830094602f5a.so (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/lldb_commands (modified/added) rustup-sandbox//upperdir/home/ubuntu/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/gdb_lookup.py (modified/added)
You can also choose to commit the overlay directory contents:
$ try commit rustup-sandbox
Known Issues
Any command that interacts with other users/groups will fail since only the
current user’s UID/GID are mapped. How