Try to rely less on hardcoded paths

.gitignore

@@ -1,3 +1,4 @@
 .idea
 bwbox
 result
+scripts/applications

bwbox.nimble

@@ -2,7 +2,7 @@
 
 version       = "1.0.0"
 author        = "mawalu"
-description   = "A DNS server for the ACME DNS-01 challenge"
+description   = "An experimental sandbox tool for linux apps"
 license       = "MIT"
 srcDir        = "."
 bin           = @["bwbox"]

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1649321570,
-        "narHash": "sha256-j0SM2JzxKA3aGdH1QJUWqKW7lkHG1fuGLnPye4pBTBY=",
+        "lastModified": 1652368125,
+        "narHash": "sha256-AaNNYTSxN+f85oBN2tnz8SNWiTmFo35jddTHXQjNDgM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2c6bdafd36837e6422d18837ca1c77159be28a5a",
+        "rev": "f73cc9cbd82a7a8ce626bbaf02a55c1cfb34d6e5",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,16 +1,14 @@
 {
-  description = "An experimental sandbox tool for linux apps";
+  description = "An experimental sandboxing tool for linux apps";
 
   inputs.nixpkgs.url = github:NixOS/nixpkgs;
 
   outputs = { self, nixpkgs }: {
-
     packages.x86_64-linux.default =
       with import nixpkgs { system = "x86_64-linux"; };
       nimPackages.buildNimPackage {
         name = "bwbox";
         src = self;
       };
-
   };
 }

lib/args.nim

@@ -5,9 +5,10 @@ type Args* = object
   name*: Option[string]
   cmd*: Option[seq[string]]
   profile*: Option[string]
+  debug*: bool
 
 proc getCmd*(args: Args): seq[string] =
-  return args.cmd.get(@[getEnv("SHELL", "/bin/bash")])
+  return args.cmd.get(@[getEnv("SHELL", "/bin/sh")])
 
 proc getProfile*(args: Args): string =
   if args.profile.isSome:
@@ -16,22 +17,26 @@ proc getProfile*(args: Args): string =
   return "default"
 
 proc parseArgs*(): Option[Args] =
-  var args = Args()
+  var args = Args(debug: false)
 
   var command = newSeq[string]()
+  var parsingSandboxArgs = true
   var i = 1
 
   while i <= paramCount():
     var arg = paramStr(i)
 
-    if arg == "--name":
+    if arg == "--name" and parsingSandboxArgs:
       args.name = some(paramStr(i + 1))
       i += 2
-    elif arg == "--profile":
+    elif arg == "--profile" and parsingSandboxArgs:
       args.profile = some(paramStr(i + 1))
       i += 2
+    elif arg == "--debug" and parsingSandboxArgs:
+      args.debug = true
+      i += 1
     else:
-      echo arg
+      parsingSandboxArgs = false
       command.add(arg)
       i += 1
 

lib/bwrap.nim

@@ -1,3 +1,4 @@
+import os
 import posix
 import sequtils
 
@@ -14,4 +15,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall
   call
 
 proc exec*(call: var BwrapCall) =
-  discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args)))
+  discard execv("/usr/bin/env", allocCStringArray(@["/usr/bin/env", "bwrap"].concat(call.args)))

lib/sandbox.nim

@@ -69,4 +69,12 @@ proc sandboxExec*(args: Args) =
   if config.allowdri.get(false):
     enableDri(call)
 
-  call.addArg(args.getCmd).exec()
+  # resolve binary path outside of the sandbox
+  var cmd = args.getCmd
+
+  echo cmd
+  cmd[0] = findExe(cmd[0])
+
+  echo cmd
+
+  call.addArg(cmd).exec()

scripts/applications.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/run/current-system/sw/bin/bash
 
 if [ $# -ne 1 ]; then
   echo "Usage: $0 <target_dir>"
@@ -12,15 +12,18 @@ check_dir() {
   for application in "$dir/"*; do
     file="$(basename "$application")"
 
-    sed "s/^Exec=/Exec=bwshell --name '$file' --profile gui /gi" "$application" > "$target/$file"
+    sed "s/^Exec=/Exec=bwbox --name '$file' --profile wayland /gi" "$application" > "$target/$file"
   done
 }
 
-dirs=("/usr/share/applications" "$HOME/.local/share/applications")
+dirs=($(echo "$XDG_DATA_DIRS" | tr ':' '\n'))
+dirs+=("$HOME/.local/share")
 target="$1"
 
 mkdir -p "$target"
 
 for dir in "${dirs[@]}"; do
-  check_dir "$dir"
+  if [ -d "$dir/applications" ]; then
+    check_dir "$dir/applications"
+  fi
 done