Compare commits
1 Commits
920eb49941
...
2cb658c723
Author | SHA1 | Date |
---|---|---|
Martin | 2cb658c723 |
|
@ -0,0 +1,43 @@
|
||||||
|
import strformat
|
||||||
|
import osproc
|
||||||
|
|
||||||
|
type DbusProxy* = object
|
||||||
|
args: seq[string]
|
||||||
|
|
||||||
|
proc addSee*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"--see={name}")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc addTalk*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"--talk={name}")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc addOwn*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"--own={name}")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc addCall*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"--call={name}")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc addBroadcast*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"--broadcast={name}")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc paths*(proxy: var DbusProxy, systembus: string, filterbus: string): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add(&"unix:path={systembus}")
|
||||||
|
proxy.args.add(filterbus)
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc log*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add("--log")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc filter*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
|
||||||
|
proxy.args.add("--filter")
|
||||||
|
proxy
|
||||||
|
|
||||||
|
proc exec*(proxy: DbusProxy): Process {.discardable.} =
|
||||||
|
# todo: start dbus proxy in bwrap
|
||||||
|
# todo: pass arguments as fd
|
||||||
|
startProcess("xdg-dbus-proxy", args = proxy.args, options = {poEchoCmd, poParentStreams, poUsePath})
|
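Review bot: `exec` launches the proxy with whatever is in `proxy.args`, so a caller that adds `--talk`/`--own`/`--call` rules but omits `.filter()` gets a proxy that forwards all bus traffic, because xdg-dbus-proxy only enforces policy rules when `--filter` is given. Making filtering mandatory closes that fail-open path, e.g. at the top of `exec`: `if "--filter" notin proxy.args: raise newException(ValueError, "DbusProxy needs --filter, otherwise policy rules are not enforced")`. `paths` also appends `filterbus` unchecked, so a value starting with `-` would be parsed as an option rather than a socket path. The `{.discardable.}` on `exec` invites dropping the `Process` handle, which leaves nothing to wait on or terminate the proxy when the sandbox exits.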
|
@ -1,6 +1,7 @@
|
||||||
import os
|
import os
|
||||||
import args
|
import args
|
||||||
import json
|
import json
|
||||||
|
import dbus
|
||||||
import utils
|
import utils
|
||||||
import bwrap
|
import bwrap
|
||||||
import config
|
import config
|
||||||
|
@ -10,7 +11,7 @@ proc sandboxExec*(args: Args) =
|
||||||
var call = BwrapCall()
|
var call = BwrapCall()
|
||||||
var configPath = none(string)
|
var configPath = none(string)
|
||||||
|
|
||||||
let hostname = args.name.get(getProfile(argst ))
|
let hostname = args.name.get(getProfile(args))
|
||||||
|
|
||||||
if args.name.isSome:
|
if args.name.isSome:
|
||||||
let name = args.name.unsafeGet
|
let name = args.name.unsafeGet
|
||||||
|
@ -18,7 +19,6 @@ proc sandboxExec*(args: Args) =
|
||||||
let sandboxFiles = sandboxPath.joinPath("files")
|
let sandboxFiles = sandboxPath.joinPath("files")
|
||||||
let userConfig = sandboxPath.joinPath("config.json")
|
let userConfig = sandboxPath.joinPath("config.json")
|
||||||
|
|
||||||
|
|
||||||
createDir(sandboxFiles)
|
createDir(sandboxFiles)
|
||||||
call.addArg("--bind", sandboxFiles, getHomeDir())
|
call.addArg("--bind", sandboxFiles, getHomeDir())
|
||||||
|
|
||||||
|
@ -34,11 +34,30 @@ proc sandboxExec*(args: Args) =
|
||||||
var config = loadConfig(configPath.unsafeGet)
|
var config = loadConfig(configPath.unsafeGet)
|
||||||
config.extendConfig()
|
config.extendConfig()
|
||||||
|
|
||||||
|
var proxy = DbusProxy()
|
||||||
|
|
||||||
|
proxy
|
||||||
|
.paths("/run/user/1000/bus", "/run/user/1000/.bus-sandboxed/test2")
|
||||||
|
.addCall("org.freedesktop.Notifications.*=@/org/freedesktop/Notifications")
|
||||||
|
.addCall("org.freedesktop.portal.*=*")
|
||||||
|
.addBroadcast("org.freedesktop.portal.*=@/org/freedesktop/portal/*")
|
||||||
|
.addOwn("org.mpris.MediaPlayer2.spotify")
|
||||||
|
.filter()
|
||||||
|
.log()
|
||||||
|
.exec()
|
||||||
|
|
||||||
call
|
call
|
||||||
.addMount("--dev-bind", "/dev/null")
|
.addArg("--dev", "/dev")
|
||||||
|
# https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
|
||||||
|
.addMount("--dev-bind", "/dev/dri")
|
||||||
|
.addMount("--dev-bind", "/dev/nvidiactl")
|
||||||
|
.addMount("--dev-bind", "/dev/nvidia-modeset")
|
||||||
|
.addMount("--dev-bind", "/dev/nvidia0")
|
||||||
.addMount("--dev-bind", "/dev/random")
|
.addMount("--dev-bind", "/dev/random")
|
||||||
.addMount("--dev-bind", "/dev/urandom")
|
.addMount("--dev-bind", "/dev/urandom")
|
||||||
|
.addArg("--ro-bind", "/run/user/1000/.bus-sandboxed/test2", "/run/user/1000/bus")
|
||||||
.addArg("--tmpfs", "/tmp")
|
.addArg("--tmpfs", "/tmp")
|
||||||
|
.addArg("--tmpfs", "/dev/shm")
|
||||||
.addArg("--proc", "/proc")
|
.addArg("--proc", "/proc")
|
||||||
.addArg("--unshare-all")
|
.addArg("--unshare-all")
|
||||||
.addArg("--share-net")
|
.addArg("--share-net")
|
||||||
|
|
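Review bot: The bus address and proxy socket in the `.paths(...)` call and the matching `--ro-bind` are hard-coded to `/run/user/1000/...` with the fixed name `test2`, so every sandbox shares one filtered socket and the code only works for UID 1000. Derive both from the environment and the sandbox name, e.g. `let runtimeDir = getEnv("XDG_RUNTIME_DIR")` and `let proxySocket = runtimeDir.joinPath(".bus-sandboxed", hostname)`, and create the parent directory with owner-only permissions before starting the proxy. `.exec()` returns as soon as the process is spawned, so bwrap may reach the `--ro-bind` before the socket exists; xdg-dbus-proxy's `--fd` option is the usual readiness signal. The `org.mpris.MediaPlayer2.spotify` own-rule and the `/dev/dri` and `/dev/nvidia*` binds are applied to every sandbox and look like they belong in the per-profile config loaded just above. `sandboxExec` starts and continues outside the visible hunks.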