#!/usr/bin/env bash
set -u

UNPRIVILEGED_USERNS_ENABLED=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)
RESTRICT_UNPRIVILEGED_USERNS=$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns 2>/dev/null)
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

!([ "$UNPRIVILEGED_USERNS_ENABLED" != 1 ] || [ "$RESTRICT_UNPRIVILEGED_USERNS" == 1 ])
APPLY_NO_SANDBOX_FLAG=$?

if [ "$SCRIPT_DIR" == "/usr/bin" ]; then
	SCRIPT_DIR="/opt/IPTVnator"
fi

if [ "$APPLY_NO_SANDBOX_FLAG" == 1 ]; then
	echo "Note: Running with --no-sandbox since unprivileged_userns_clone is disabled or apparmor_restrict_unprivileged_userns is enabled."
fi

exec "$SCRIPT_DIR/iptvnator.bin" "$([ "$APPLY_NO_SANDBOX_FLAG" == 1 ] && echo '--no-sandbox')" "$@"
