Hacker News Daily 上看到這則:「Try: run a command and inspect its effects before changing your live system (github.com/binpash)」,這是一個 GitHub 專案:「binpash/try」。
整包軟體意外的簡單,是一隻 shell script,透過 OverlayFS 取得改變的部分:
try lets you run a command and inspect its effects before changing your live system. try uses Linux's namespaces (via unshare) and the overlayfs union filesystem.
記得 OverlayFS 在 Docker 用的很多,所以穩定性應該是沒什麼問題,不過專案開頭也有提到,這只是把 filesystem 層拆出來,不是很嚴謹的 sandbox 環境,像是 /dev 這邊的東西還是有穿透性,不要跑不信任的程式:
Please note that try is a prototype and not a full sandbox, and should not be used to execute commands that you don't already trust on your system, (i.e. devices in /dev are mounted in the sandbox, and network calls are all allowed.) Please do not attempt any commands that will remove everything in /dev or write zeros to your disks.
我覺得這個很適合拿來跑各種 install.sh 這種東西?有些 install.sh 不知道塞了多少垃圾 (像是 .bashrc 或是 .profile 都有可能會被動),可以知道有哪些檔案要清會比較好。
把裡面的 try 這個檔案丟到自己的可執行目錄就裝好了,像是 ~/.local/bin 或是 ~/bin 之類的地方,看你的 $PATH 設定決定。
另外也可以從 subcommands 裡面的指令看到你可以用 try explore 啟動 shell 跑進去看:
Subcommands: try summary DIR show the summary for the overlay in DIR try commit DIR commit the overlay in DIR try explore DIR start a shell inside the overlay in DIR
