Extend device support
parent
77b4fedee2
commit
3a5e5d4870
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"extends": "default",
|
||||||
|
"romount": ["/run/user/1000/pulse/native", "/run/user/1000/wayland-1"],
|
||||||
|
"dbus": true,
|
||||||
|
"dbuscall": ["org.freedesktop.Notifications.*=@/org/freedesktop/Notifications", "org.freedesktop.portal.*=*"],
|
||||||
|
"dbusbroadcast": ["org.freedesktop.portal.*=@/org/freedesktop/portal/*"]
|
||||||
|
}
|
|
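Review bot: Both `romount` entries hard-code `/run/user/1000`, so this profile only works for the account with UID 1000. For any other user the PulseAudio and Wayland sockets will be missing, and depending on how `romount` is translated into bwrap arguments the launch may fail outright. Deriving the directory from `XDG_RUNTIME_DIR` (and the socket name from `WAYLAND_DISPLAY`) when the profile is loaded would avoid that. A read-only bind of a socket protects only the socket file, not what can be done over the connection: a client of `pulse/native` can normally record from the microphone as well as play audio, which is worth stating wherever this profile is documented.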
@ -2,7 +2,7 @@ import posix
|
||||||
import sequtils
|
import sequtils
|
||||||
|
|
||||||
type BwrapCall* = object
|
type BwrapCall* = object
|
||||||
args: seq[string]
|
args*: seq[string]
|
||||||
|
|
||||||
proc addArg*(call: var BwrapCall, args: varargs[string]): var BwrapCall {.discardable.} =
|
proc addArg*(call: var BwrapCall, args: varargs[string]): var BwrapCall {.discardable.} =
|
||||||
for arg in args:
|
for arg in args:
|
||||||
|
|
|
@ -3,6 +3,7 @@ import options
|
||||||
import bwrap
|
import bwrap
|
||||||
import utils
|
import utils
|
||||||
import json
|
import json
|
||||||
|
import os
|
||||||
|
|
||||||
type Link* = object
|
type Link* = object
|
||||||
src*: string
|
src*: string
|
||||||
|
@ -23,6 +24,7 @@ type Config* = object
|
||||||
dbusown*: Option[seq[string]]
|
dbusown*: Option[seq[string]]
|
||||||
dbuscall*: Option[seq[string]]
|
dbuscall*: Option[seq[string]]
|
||||||
dbusbroadcast*: Option[seq[string]]
|
dbusbroadcast*: Option[seq[string]]
|
||||||
|
devmount*: Option[seq[string]]
|
||||||
|
|
||||||
proc applyConfig*(call: var BwrapCall, config: Config) =
|
proc applyConfig*(call: var BwrapCall, config: Config) =
|
||||||
for mount in config.mount.get(@[]):
|
for mount in config.mount.get(@[]):
|
||||||
|
@ -34,6 +36,14 @@ proc applyConfig*(call: var BwrapCall, config: Config) =
|
||||||
for symlink in config.symlinks.get(@[]):
|
for symlink in config.symlinks.get(@[]):
|
||||||
call.addArg("--symlink", symlink.src, symlink.dst)
|
call.addArg("--symlink", symlink.src, symlink.dst)
|
||||||
|
|
||||||
|
for device in config.devmount.get(@[]):
|
||||||
|
call.addArg("--dev-bind", device, device)
|
||||||
|
|
||||||
|
if config.mountcwd.get(false):
|
||||||
|
call
|
||||||
|
.addMount("--bind", getCurrentDir())
|
||||||
|
.addArg("--chdir", getCurrentDir())
|
||||||
|
|
||||||
proc loadConfig*(path: string): Config =
|
proc loadConfig*(path: string): Config =
|
||||||
return readFile(path)
|
return readFile(path)
|
||||||
.parseJson()
|
.parseJson()
|
||||||
|
@ -53,6 +63,7 @@ proc extendConfig*(config: var Config): Config {.discardable.} =
|
||||||
config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
|
config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
|
||||||
config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
|
config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
|
||||||
config.allowdri = some(config.allowdri.get(eConf.allowdri.get(false)))
|
config.allowdri = some(config.allowdri.get(eConf.allowdri.get(false)))
|
||||||
|
config.devmount = some(config.devmount.get(eConf.devmount.get(@[])))
|
||||||
|
|
||||||
config.dbus = some(config.dbus.get(eConf.dbus.get(false)))
|
config.dbus = some(config.dbus.get(eConf.dbus.get(false)))
|
||||||
config.dbussee = some(config.dbussee.get(@[]).concat(eConf.dbussee.get(@[])))
|
config.dbussee = some(config.dbussee.get(@[]).concat(eConf.dbussee.get(@[])))
|
||||||
|
|
|
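Review bot: The new `devmount` loop in `applyConfig` passes each configured string straight to `--dev-bind` as both source and destination, without checking that it names a device node or lies under `/dev`. `--dev-bind` is a read-write bind that also permits device access, so a profile entry such as `/` or a home directory would expose that tree writable inside the sandbox, and a path that does not exist makes bwrap abort the launch. I would accept only normalized paths under `/dev` and use the tolerant variant, e.g. `if device.normalizedPath.startsWith("/dev/"): call.addArg("--dev-bind-try", device, device)` (`startsWith` needs `strutils`, which the visible hunks do not show imported). In `extendConfig` the child's `devmount` replaces the parent's list instead of being concatenated as `dbussee` is; if that is intended, a one-line comment saying so would help. `applyConfig` begins before this hunk.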
@ -39,6 +39,11 @@ proc sandboxExec*(args: Args) =
|
||||||
.addArg("--dev", "/dev")
|
.addArg("--dev", "/dev")
|
||||||
.addMount("--dev-bind", "/dev/random")
|
.addMount("--dev-bind", "/dev/random")
|
||||||
.addMount("--dev-bind", "/dev/urandom")
|
.addMount("--dev-bind", "/dev/urandom")
|
||||||
|
.addMount("--ro-bind", "/sys/block")
|
||||||
|
.addMount("--ro-bind", "/sys/bus")
|
||||||
|
.addMount("--ro-bind", "/sys/class")
|
||||||
|
.addMount("--ro-bind", "/sys/dev")
|
||||||
|
.addMount("--ro-bind", "/sys/devices")
|
||||||
.addArg("--tmpfs", "/tmp")
|
.addArg("--tmpfs", "/tmp")
|
||||||
.addArg("--tmpfs", "/dev/shm")
|
.addArg("--tmpfs", "/dev/shm")
|
||||||
.addArg("--proc", "/proc")
|
.addArg("--proc", "/proc")
|
||||||
|
@ -48,6 +53,10 @@ proc sandboxExec*(args: Args) =
|
||||||
.addArg("--setenv", "BWSANDBOX", "1")
|
.addArg("--setenv", "BWSANDBOX", "1")
|
||||||
.applyConfig(config)
|
.applyConfig(config)
|
||||||
|
|
||||||
|
if config.sethostname.get(false):
|
||||||
|
call
|
||||||
|
.addArg("--hostname", hostname)
|
||||||
|
|
||||||
if config.dbus.get(false):
|
if config.dbus.get(false):
|
||||||
# todo: handle process and cleanup later
|
# todo: handle process and cleanup later
|
||||||
let proxy = startDBusProxy(config, hostname)
|
let proxy = startDBusProxy(config, hostname)
|
||||||
|
@ -60,13 +69,4 @@ proc sandboxExec*(args: Args) =
|
||||||
if config.allowdri.get(false):
|
if config.allowdri.get(false):
|
||||||
enableDri(call)
|
enableDri(call)
|
||||||
|
|
||||||
if config.mountcwd.get(false):
|
call.addArg(args.getCmd).exec()
|
||||||
call
|
|
||||||
.addMount("--bind", getCurrentDir())
|
|
||||||
.addArg("--chdir", getCurrentDir())
|
|
||||||
|
|
||||||
if config.sethostname.get(false):
|
|
||||||
call
|
|
||||||
.addArg("--hostname", hostname)
|
|
||||||
|
|
||||||
call.addArg(args.getCmd).exec()
|
|
|
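Review bot: The five `/sys` read-only binds are added to the base argument list in `sandboxExec`, so every profile receives them, including ones that set neither `allowdri` nor `devmount`. Those trees expose the host's hardware inventory (bus topology, block devices, model and serial strings), which a sandboxed program can read for fingerprinting even though it cannot write to them. If they are only needed for GPU or device access, consider adding them from `enableDri` or behind a config option instead. If they really are required unconditionally, record the reason next to them with a comment such as `# read-only /sys subsets required for device enumeration in all profiles`. `sandboxExec` starts before the hunk.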
@ -41,17 +41,30 @@ proc deviceExists(path: string): bool =
|
||||||
var res: Stat
|
var res: Stat
|
||||||
return stat(path, res) >= 0 and S_ISCHR(res.st_mode)
|
return stat(path, res) >= 0 and S_ISCHR(res.st_mode)
|
||||||
|
|
||||||
|
proc mountDriFolder(call: var BwrapCall, path: string) =
|
||||||
|
for file in walkPattern(&"{path}/*"):
|
||||||
|
if dirExists(file):
|
||||||
|
mountDriFolder(call, file)
|
||||||
|
elif deviceExists(file):
|
||||||
|
call.addMount("--dev-bind", file)
|
||||||
|
#else:
|
||||||
|
# call.addMount("--ro-bin", file)
|
||||||
|
|
||||||
# https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
|
# https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
|
||||||
proc enableDri*(call: var BwrapCall) =
|
proc enableDri*(call: var BwrapCall) =
|
||||||
|
const folder = "/dev/dri"
|
||||||
const mounts = [
|
const mounts = [
|
||||||
"/dev/dri", # general
|
folder, # general
|
||||||
"/dev/mali", "/dev/mali0", "/dev/umplock", # mali
|
"/dev/mali", "/dev/mali0", "/dev/umplock", # mali
|
||||||
"/dev/nvidiactl", "/dev/nvidia-modeset", # nvidia
|
"/dev/nvidiactl", "/dev/nvidia-modeset", # nvidia
|
||||||
"/dev/nvidia-uvm", "/dev/nvidia-uvm-tools" # nvidia OpenCl/CUDA
|
"/dev/nvidia-uvm", "/dev/nvidia-uvm-tools" # nvidia OpenCl/CUDA
|
||||||
]
|
]
|
||||||
|
|
||||||
|
if dirExists(folder):
|
||||||
|
mountDriFolder(call, folder)
|
||||||
|
|
||||||
for mount in mounts:
|
for mount in mounts:
|
||||||
if deviceExists(mount):
|
if deviceExists(mount) or dirExists(mount):
|
||||||
call.addMount("--dev-bind", mount)
|
call.addMount("--dev-bind", mount)
|
||||||
|
|
||||||
for i in 0..20:
|
for i in 0..20:
|
||||||
|
|
|
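Review bot: `enableDri` now walks `/dev/dri` with `mountDriFolder` to bind individual character devices, but `folder` is still the first entry of `mounts` and the loop condition is now `deviceExists(mount) or dirExists(mount)`, so the whole directory is `--dev-bind`-mounted afterwards anyway. The per-device walk therefore restricts nothing; either drop `folder` from `mounts` and keep `if deviceExists(mount):`, or drop `mountDriFolder`. `mountDriFolder` also recurses through `dirExists`, which follows symlinks, so a symlinked directory below the folder would be traversed as well; testing `symlinkExists(file)` first would keep the walk inside the tree. The commented-out `--ro-bin` branch is misspelled (`--ro-bind`) and is better deleted or explained. `enableDri` continues past the end of the hunk.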
@ -12,7 +12,7 @@ check_dir() {
|
||||||
for application in "$dir/"*; do
|
for application in "$dir/"*; do
|
||||||
file="$(basename "$application")"
|
file="$(basename "$application")"
|
||||||
|
|
||||||
sed "s/Exec=/Exec=bwshell --name '$file' --profile gui /gi" "$application" > "$target/$file"
|
sed "s/^Exec=/Exec=bwshell --name '$file' --profile gui /gi" "$application" > "$target/$file"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
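Review bot: `$file` is expanded inside the sed program and lands between single quotes in the generated `Exec=` line, so a desktop file whose name contains `'`, `&` or `\` corrupts the replacement. A `'` in particular closes the quoting in the rewritten launcher, letting the rest of the name be parsed as extra arguments. Skipping names that are not plain before the sed call would close this, e.g. `case "$file" in *[!A-Za-z0-9._-]*) continue ;; esac`. With the new `^` anchor the `g` flag has no effect and `i` additionally rewrites keys such as `exec=`; `s/^Exec=/…/` without flags is enough. `check_dir` begins before the hunk.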