Try to rely less on hardcoded paths

Martin 2022-05-12 17:51:55 +02:00
parent 6ca24383f0
commit 71eb05c09a
Signed by: mawalu
GPG Key ID: BF556F989760A7C8
8 changed files with 34 additions and 18 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
.idea .idea
bwbox bwbox
result result
scripts/applications


@ -2,7 +2,7 @@
version = "1.0.0" version = "1.0.0"
author = "mawalu" author = "mawalu"
description = "A DNS server for the ACME DNS-01 challenge" description = "An experimental sandbox tool for linux apps"
license = "MIT" license = "MIT"
srcDir = "." srcDir = "."
bin = @["bwbox"] bin = @["bwbox"]


@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1649321570, "lastModified": 1652368125,
"narHash": "sha256-j0SM2JzxKA3aGdH1QJUWqKW7lkHG1fuGLnPye4pBTBY=", "narHash": "sha256-AaNNYTSxN+f85oBN2tnz8SNWiTmFo35jddTHXQjNDgM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2c6bdafd36837e6422d18837ca1c77159be28a5a", "rev": "f73cc9cbd82a7a8ce626bbaf02a55c1cfb34d6e5",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,16 +1,14 @@
{ {
description = "An experimental sandbox tool for linux apps"; description = "An experimental sandboxing tool for linux apps";
inputs.nixpkgs.url = github:NixOS/nixpkgs; inputs.nixpkgs.url = github:NixOS/nixpkgs;
outputs = { self, nixpkgs }: { outputs = { self, nixpkgs }: {
packages.x86_64-linux.default = packages.x86_64-linux.default =
with import nixpkgs { system = "x86_64-linux"; }; with import nixpkgs { system = "x86_64-linux"; };
nimPackages.buildNimPackage { nimPackages.buildNimPackage {
name = "bwbox"; name = "bwbox";
src = self; src = self;
}; };
}; };
} }


@ -5,9 +5,10 @@ type Args* = object
name*: Option[string] name*: Option[string]
cmd*: Option[seq[string]] cmd*: Option[seq[string]]
profile*: Option[string] profile*: Option[string]
debug*: bool
proc getCmd*(args: Args): seq[string] = proc getCmd*(args: Args): seq[string] =
return args.cmd.get(@[getEnv("SHELL", "/bin/bash")]) return args.cmd.get(@[getEnv("SHELL", "/bin/sh")])
proc getProfile*(args: Args): string = proc getProfile*(args: Args): string =
if args.profile.isSome: if args.profile.isSome:
@ -16,22 +17,26 @@ proc getProfile*(args: Args): string =
return "default" return "default"
proc parseArgs*(): Option[Args] = proc parseArgs*(): Option[Args] =
var args = Args() var args = Args(debug: false)
var command = newSeq[string]() var command = newSeq[string]()
var parsingSandboxArgs = true
var i = 1 var i = 1
while i <= paramCount(): while i <= paramCount():
var arg = paramStr(i) var arg = paramStr(i)
if arg == "--name": if arg == "--name" and parsingSandboxArgs:
args.name = some(paramStr(i + 1)) args.name = some(paramStr(i + 1))
i += 2 i += 2
elif arg == "--profile": elif arg == "--profile" and parsingSandboxArgs:
args.profile = some(paramStr(i + 1)) args.profile = some(paramStr(i + 1))
i += 2 i += 2
elif arg == "--debug" and parsingSandboxArgs:
args.debug = true
i += 1
else: else:
echo arg parsingSandboxArgs = false
command.add(arg) command.add(arg)
i += 1 i += 1
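Review bot: The `--name` and `--profile` branches read `paramStr(i + 1)` without checking that a value follows, so a trailing `--name` ends in an index error instead of a usage message. Assuming `none` is this proc's failure result, a guard such as `if i == paramCount(): return none(Args)` at the top of both branches would keep that case on the normal error path. The new `parsingSandboxArgs` flag stops option handling at the first unrecognised word, which deserves a short comment, e.g. `# everything after the first non-option belongs to the sandboxed command`. The rest of `parseArgs` lies outside this hunk.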


@ -1,3 +1,4 @@
import os
import posix import posix
import sequtils import sequtils
@ -14,4 +15,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall
call call
proc exec*(call: var BwrapCall) = proc exec*(call: var BwrapCall) =
discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args))) discard execv("/usr/bin/env", allocCStringArray(@["/usr/bin/env", "bwrap"].concat(call.args)))
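Review bot: `exec` now lets `/usr/bin/env` pick `bwrap` from the caller's `PATH` and still discards the `execv` result, so the sandbox launcher is whichever `bwrap` comes first in the environment and a failed exec goes unreported. Resolving the binary once with `findExe` (the hunk already imports `os`), exiting when nothing is found, and checking the return value keeps the PATH flexibility while making failure visible; it also drops the remaining hardcoded `/usr/bin/env`. If bwbox can be started from an environment the user does not control, a build-time or config-supplied absolute path for `bwrap` would be the stricter choice.

```nim
proc exec*(call: var BwrapCall) =
  # Resolve once so a missing bwrap is reported instead of silently ignored.
  let bwrap = findExe("bwrap")
  if bwrap.len == 0:
    quit("bwbox: bwrap not found in PATH", 1)
  let argv = allocCStringArray(@["bwrap"].concat(call.args))
  # execv only returns on failure.
  if execv(bwrap.cstring, argv) == -1:
    quit("bwbox: failed to exec " & bwrap, 1)
```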


@ -69,4 +69,12 @@ proc sandboxExec*(args: Args) =
if config.allowdri.get(false): if config.allowdri.get(false):
enableDri(call) enableDri(call)
call.addArg(args.getCmd).exec() # resolve binary path outside of the sandbox
var cmd = args.getCmd
echo cmd
cmd[0] = findExe(cmd[0])
echo cmd
call.addArg(cmd).exec()
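Review bot: `findExe(cmd[0])` returns an empty string when the command is not found, and the result is written straight into `cmd[0]`, so a mistyped command hands bwrap an empty program name. Check it first: `let exe = findExe(cmd[0])`, `if exe.len == 0: quit("bwbox: command not found: " & cmd[0], 1)`, `cmd[0] = exe`. The two `echo cmd` lines print the full command line on every run; they look like leftovers and could be gated on the new `args.debug` flag. The resolved host path is presumably only usable inside the sandbox if the profile mounts that location; the mount setup and the start of `sandboxExec` are outside this hunk.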


@ -1,4 +1,4 @@
#!/bin/bash #!/run/current-system/sw/bin/bash
if [ $# -ne 1 ]; then if [ $# -ne 1 ]; then
echo "Usage: $0 <target_dir>" echo "Usage: $0 <target_dir>"
@ -12,15 +12,18 @@ check_dir() {
for application in "$dir/"*; do for application in "$dir/"*; do
file="$(basename "$application")" file="$(basename "$application")"
sed "s/^Exec=/Exec=bwshell --name '$file' --profile gui /gi" "$application" > "$target/$file" sed "s/^Exec=/Exec=bwbox --name '$file' --profile wayland /gi" "$application" > "$target/$file"
done done
} }
dirs=("/usr/share/applications" "$HOME/.local/share/applications") dirs=($(echo "$XDG_DATA_DIRS" | tr ':' '\n'))
dirs+=("$HOME/.local/share")
target="$1" target="$1"
mkdir -p "$target" mkdir -p "$target"
for dir in "${dirs[@]}"; do for dir in "${dirs[@]}"; do
check_dir "$dir" if [ -d "$dir/applications" ]; then
check_dir "$dir/applications"
fi
done done
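Review bot: The `sed` expression in `check_dir` splices `$file` into both the sed program and the generated `Exec=` line, so a desktop-file name containing `'`, `&` or `\` corrupts the substitution or changes the command the rewritten launcher runs. Now that the directories come from `$XDG_DATA_DIRS`, it is worth skipping unexpected names before the `sed` call, e.g. `[[ "$file" =~ ^[A-Za-z0-9._-]+$ ]] || continue`. The assignment `dirs=($(echo "$XDG_DATA_DIRS" | tr ':' '\n'))` word-splits and globs every entry and yields nothing when the variable is unset; `IFS=: read -ra dirs <<< "${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"` avoids both. The new shebang `/run/current-system/sw/bin/bash` is itself a NixOS-only path, so `#!/usr/bin/env bash` would fit the commit's stated goal better.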