foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

wrapper-manager/sandboxing/bubblewrap: add sysfs ro-binds as part of launcher optimizations

Browse Source
This commit is contained in:
Gabriel Arazas 2024-08-10 21:27:29 +08:00
parent a2439e9419
commit 456c5e771c
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/wrapper-manager/sandboxing/bubblewrap/launcher/app.sh
View File

@ -48,6 +48,12 @@ case "$(uname)" in
additional_flags+=(--ro-bind /run/opengl-driver-32 /run/opengl-driver-32) additional_flags+=(--ro-bind /run/opengl-driver-32 /run/opengl-driver-32)
fi fi
fi fi
for sysfs_dir in /sys/{block,bus,class,dev,devices}; do
if [[ -r "$sysfs_dir" ]] && [[ -x "$sysfs_dir" ]]; then
additional_flags+=(--ro-bind "${sysfs_dir}")
fi
done
;; ;;
esac esac
@ -75,6 +81,8 @@ if is_autoconfigured_or "${WRAPPER_MANAGER_BWRAP_LAUNCHER_X11}" && [ "${XAUTHORI
additional_flags+=(--ro-bind '/tmp/.X11-unix' '/tmp/.X11-unix') additional_flags+=(--ro-bind '/tmp/.X11-unix' '/tmp/.X11-unix')
fi fi
# TODO: Create a Flatpak workaround trick to enable sandboxing with XDG Portals.
# Fork the D-Bus proxy in case it is needed. We only need to know if its needed # Fork the D-Bus proxy in case it is needed. We only need to know if its needed
# if the *DBUS_PROXY_ARGS envvar is set. # if the *DBUS_PROXY_ARGS envvar is set.
if [ -n "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY_ARGS}" ]; then if [ -n "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY_ARGS}" ]; then
@ -83,5 +91,4 @@ if [ -n "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY_ARGS}" ]; then
-- "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY}" "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY_ARGS[@]}" -- "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY}" "${WRAPPER_MANAGER_BWRAP_LAUNCHER_DBUS_PROXY_ARGS[@]}"
) & ) &
fi fi
exec ${WRAPPER_MANAGER_BWRAP_LAUNCHER_BWRAP} "${additional_flags[@]}" "$@" exec ${WRAPPER_MANAGER_BWRAP_LAUNCHER_BWRAP} "${additional_flags[@]}" "$@"