opencode bwrap quick & dirty

gistfile1.txt

#!/usr/bin/env bash

cmd=$HOME/software/opencode/opencode
#cmd=/usr/bin/bash

exec bwrap \
    --unshare-all \
    --share-net \
    --die-with-parent \
    --new-session \
    \
    --ro-bind /usr/ /usr \
    --symlink usr/lib /lib \
    --symlink usr/lib64 /lib64 \
    --symlink usr/bin /bin \
    --symlink usr/sbin /sbin \
    --ro-bind /etc/ld.so.conf /etc/ld.so.conf \
    --ro-bind /etc/ld.so.conf.d /etc/ld.so.conf.d \
    --ro-bind /etc/ld.so.cache /etc/ld.so.cache \
    --proc /proc \
    --dev /dev \
    --perms 1777 --tmpfs /dev/pts \
    --perms 1777 --tmpfs /dev/shm \
    --perms 1777 --tmpfs /tmp \
    --perms 0755 --tmpfs /run \
    \
    `# Minimal /etc files needed` \
    --ro-bind /etc/resolv.conf /etc/resolv.conf \
    --ro-bind /etc/hosts /etc/hosts \
    --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
    --ro-bind /etc/passwd /etc/passwd \
    --ro-bind /etc/group /etc/group \
    --ro-bind /etc/localtime /etc/localtime \
    \
    `# SSL certificates for API access` \
    --ro-bind /etc/ssl /etc/ssl \
    --ro-bind-try /etc/ca-certificates /etc/ca-certificates \
    \
    `# Home directory structure` \
    --dir "$HOME" \
    --setenv HOME "$HOME" \
    --chdir "$PWD" \
    --bind "$PWD" "$PWD" \
    \
    `# OpenCode config and cache directories (read-write)` \
    --bind-try "$HOME/.cache/opencode" "$HOME/.cache/opencode" \
    --bind-try "$HOME/.local/share/opencode" "$HOME/.local/share/opencode" \
    --bind-try "$HOME/.local/state/opencode" "$HOME/.local/state/opencode" \
    --bind-try "$HOME/.config/opencode" "$HOME/.config/opencode" \
    \
    `# Terminal and environment` \
    --setenv TMPDIR /tmp \
    --setenv PATH /usr/local/bin:/usr/bin:/bin \
    \
    `# Run OpenCode` \
    --ro-bind $HOME/software/opencode/ $HOME/software/opencode/ \
    "$cmd" "$@"