add dbus and dri

2021-06-27 16:46:29 +02:00
2 changed files with 65 additions and 3 deletions
--- a/lib/dbus.nim
+++ b/lib/dbus.nim
@ -0,0 +1,43 @@
+import strformat
+import osproc
+
+type DbusProxy* = object
+  args: seq[string]
+
+proc addSee*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--see={name}")
+  proxy
+
+proc addTalk*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--talk={name}")
+  proxy
+
+proc addOwn*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--own={name}")
+  proxy
+
+proc addCall*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--call={name}")
+  proxy
+
+proc addBroadcast*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--broadcast={name}")
+  proxy
+
+proc paths*(proxy: var DbusProxy, systembus: string, filterbus: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"unix:path={systembus}")
+  proxy.args.add(filterbus)
+  proxy
+
+proc log*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--log")
+  proxy
+
+proc filter*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--filter")
+  proxy
+
+proc exec*(proxy: DbusProxy): Process {.discardable.} =
+  # todo: start dbus proxy in bwrap
+  # todo: pass arguments as fd
+  startProcess("xdg-dbus-proxy", args = proxy.args, options = {poEchoCmd, poParentStreams, poUsePath})
--- a/lib/sandbox.nim
+++ b/lib/sandbox.nim
@ -1,6 +1,7 @@
 import os
 import args
 import json
+import dbus
 import utils
 import bwrap
 import config
@ -10,7 +11,7 @@ proc sandboxExec*(args: Args) =
  var call = BwrapCall()
  var configPath = none(string)

-  let hostname = args.name.get(getProfile(argst ))
+  let hostname = args.name.get(getProfile(args))

  if args.name.isSome:
    let name = args.name.unsafeGet
@ -18,7 +19,6 @@ proc sandboxExec*(args: Args) =
    let sandboxFiles = sandboxPath.joinPath("files")
    let userConfig = sandboxPath.joinPath("config.json")

-
    createDir(sandboxFiles)
    call.addArg("--bind", sandboxFiles, getHomeDir())

@ -34,11 +34,30 @@ proc sandboxExec*(args: Args) =
  var config = loadConfig(configPath.unsafeGet)
  config.extendConfig()

+  var proxy = DbusProxy()
+
+  proxy
+    .paths("/run/user/1000/bus", "/run/user/1000/.bus-sandboxed/test2")
+    .addCall("org.freedesktop.Notifications.*=@/org/freedesktop/Notifications")
+    .addCall("org.freedesktop.portal.*=*")
+    .addBroadcast("org.freedesktop.portal.*=@/org/freedesktop/portal/*")
+    .addOwn("org.mpris.MediaPlayer2.spotify")
+    .filter()
+    .log()
+    .exec()
+
  call
-    .addMount("--dev-bind", "/dev/null")
+    .addArg("--dev", "/dev")
+    # https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
+    .addMount("--dev-bind", "/dev/dri")
+    .addMount("--dev-bind", "/dev/nvidiactl")
+    .addMount("--dev-bind", "/dev/nvidia-modeset")
+    .addMount("--dev-bind", "/dev/nvidia0")
    .addMount("--dev-bind", "/dev/random")
    .addMount("--dev-bind", "/dev/urandom")
+    .addArg("--ro-bind", "/run/user/1000/.bus-sandboxed/test2", "/run/user/1000/bus")
    .addArg("--tmpfs", "/tmp")
+    .addArg("--tmpfs", "/dev/shm")
    .addArg("--proc", "/proc")
    .addArg("--unshare-all")
    .addArg("--share-net")