add dbus and dri

lib/dbus.nim

@@ -0,0 +1,43 @@
+import strformat
+import osproc
+
+type DbusProxy* = object
+  args: seq[string]
+
+proc addSee*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--see={name}")
+  proxy
+
+proc addTalk*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--talk={name}")
+  proxy
+
+proc addOwn*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--own={name}")
+  proxy
+
+proc addCall*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--call={name}")
+  proxy
+
+proc addBroadcast*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--broadcast={name}")
+  proxy
+
+proc paths*(proxy: var DbusProxy, systembus: string, filterbus: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"unix:path={systembus}")
+  proxy.args.add(filterbus)
+  proxy
+
+proc log*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--log")
+  proxy
+
+proc filter*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--filter")
+  proxy
+
+proc exec*(proxy: DbusProxy): Process {.discardable.} =
+  # todo: start dbus proxy in bwrap
+  # todo: pass arguments as fd
+  startProcess("xdg-dbus-proxy", args = proxy.args, options = {poEchoCmd, poParentStreams, poUsePath})

lib/sandbox.nim

@@ -1,6 +1,7 @@
 import os
 import args
 import json
+import dbus
 import utils
 import bwrap
 import config
@@ -10,7 +11,7 @@ proc sandboxExec*(args: Args) =
   var call = BwrapCall()
   var configPath = none(string)
 
-  let hostname = args.name.get(getProfile(argst ))
+  let hostname = args.name.get(getProfile(args))
 
   if args.name.isSome:
     let name = args.name.unsafeGet
@@ -18,7 +19,6 @@ proc sandboxExec*(args: Args) =
     let sandboxFiles = sandboxPath.joinPath("files")
     let userConfig = sandboxPath.joinPath("config.json")
 
-
     createDir(sandboxFiles)
     call.addArg("--bind", sandboxFiles, getHomeDir())
 
@@ -34,11 +34,30 @@ proc sandboxExec*(args: Args) =
   var config = loadConfig(configPath.unsafeGet)
   config.extendConfig()
 
+  var proxy = DbusProxy()
+
+  proxy
+    .paths("/run/user/1000/bus", "/run/user/1000/.bus-sandboxed/test2")
+    .addCall("org.freedesktop.Notifications.*=@/org/freedesktop/Notifications")
+    .addCall("org.freedesktop.portal.*=*")
+    .addBroadcast("org.freedesktop.portal.*=@/org/freedesktop/portal/*")
+    .addOwn("org.mpris.MediaPlayer2.spotify")
+    .filter()
+    .log()
+    .exec()
+
   call
-    .addMount("--dev-bind", "/dev/null")
+    .addArg("--dev", "/dev")
+    # https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
+    .addMount("--dev-bind", "/dev/dri")
+    .addMount("--dev-bind", "/dev/nvidiactl")
+    .addMount("--dev-bind", "/dev/nvidia-modeset")
+    .addMount("--dev-bind", "/dev/nvidia0")
     .addMount("--dev-bind", "/dev/random")
     .addMount("--dev-bind", "/dev/urandom")
+    .addArg("--ro-bind", "/run/user/1000/.bus-sandboxed/test2", "/run/user/1000/bus")
     .addArg("--tmpfs", "/tmp")
+    .addArg("--tmpfs", "/dev/shm")
     .addArg("--proc", "/proc")
     .addArg("--unshare-all")
     .addArg("--share-net")