add dbus and dri

lib/config.nim

@@ -16,13 +16,6 @@ type Config* = object
   mountcwd*: Option[bool]
   privileged*: Option[bool]
   sethostname*: Option[bool]
-  allowdri*: Option[bool]
-  dbus*: Option[bool]
-  dbussee*: Option[seq[string]]
-  dbustalk*: Option[seq[string]]
-  dbusown*: Option[seq[string]]
-  dbuscall*: Option[seq[string]]
-  dbusbroadcast*: Option[seq[string]]
 
 proc applyConfig*(call: var BwrapCall, config: Config) =
   for mount in config.mount.get(@[]):
@@ -46,19 +39,10 @@ proc extendConfig*(config: var Config): Config {.discardable.} =
   var eConf = loadConfig(getProfilePath(config.extends.unsafeGet))
   eConf.extendConfig()
 
-  # todo: replace using macro / templates
   config.mount = some(config.mount.get(@[]).concat(eConf.mount.get(@[])))
   config.romount = some(config.romount.get(@[]).concat(eConf.romount.get(@[])))
   config.symlinks = some(config.symlinks.get(@[]).concat(eConf.symlinks.get(@[])))
   config.mountcwd = some(config.mountcwd.get(eConf.mountcwd.get(false)))
   config.sethostname = some(config.sethostname.get(eConf.sethostname.get(false)))
-  config.allowdri = some(config.allowdri.get(eConf.allowdri.get(false)))
-
-  config.dbus = some(config.dbus.get(eConf.dbus.get(false)))
-  config.dbussee = some(config.dbussee.get(@[]).concat(eConf.dbussee.get(@[])))
-  config.dbustalk = some(config.dbustalk.get(@[]).concat(eConf.dbustalk.get(@[])))
-  config.dbusown = some(config.dbusown.get(@[]).concat(eConf.dbusown.get(@[])))
-  config.dbuscall = some(config.dbuscall.get(@[]).concat(eConf.dbuscall.get(@[])))
-  config.dbusbroadcast = some(config.dbusbroadcast.get(@[]).concat(eConf.dbusbroadcast.get(@[])))
 
   return config

lib/dbus.nim

@@ -1,54 +1,43 @@
 import strformat
-import options
-import config
 import osproc
-import random
-import os
 
 type DbusProxy* = object
-  process*: Process
-  socket*: string
   args: seq[string]
 
-proc exec*(proxy: var DbusProxy) =
+proc addSee*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--see={name}")
+  proxy
+
+proc addTalk*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--talk={name}")
+  proxy
+
+proc addOwn*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--own={name}")
+  proxy
+
+proc addCall*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--call={name}")
+  proxy
+
+proc addBroadcast*(proxy: var DbusProxy, name: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"--broadcast={name}")
+  proxy
+
+proc paths*(proxy: var DbusProxy, systembus: string, filterbus: string): var DbusProxy {.discardable.} =
+  proxy.args.add(&"unix:path={systembus}")
+  proxy.args.add(filterbus)
+  proxy
+
+proc log*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--log")
+  proxy
+
+proc filter*(proxy: var DbusProxy): var DbusProxy {.discardable.} =
+  proxy.args.add("--filter")
+  proxy
+
+proc exec*(proxy: DbusProxy): Process {.discardable.} =
   # todo: start dbus proxy in bwrap
   # todo: pass arguments as fd
-  proxy.process = startProcess("xdg-dbus-proxy", args = proxy.args,
+  startProcess("xdg-dbus-proxy", args = proxy.args, options = {poEchoCmd, poParentStreams, poUsePath})
-    options = {poEchoCmd, poParentStreams, poUsePath})
-
-proc startDBusProxy*(config: Config, hostname: string): DbusProxy =
-  let busPath = getEnv("DBUS_SESSION_BUS_ADDRESS")
-  let runtimeDir = getEnv("XDG_RUNTIME_DIR")
-
-  if busPath == "" or runtimeDir == "":
-    raise newException(IOError, "DBUS_SESSION_BUS_ADDRESS and XDG_RUNTIME_DIR are required")
-
-  let id = rand(1000)
-  let filterName = &"dbus-proxy-{hostname}-{id}"
-
-  var proxy = DbusProxy()
-  proxy.socket = &"{runtimeDir}/{filterName}"
-
-  proxy.args.add(busPath)
-  proxy.args.add(proxy.socket)
-
-  for name in config.dbussee.get(@[]):
-    proxy.args.add(&"--see={name}")
-
-  for name in config.dbustalk.get(@[]):
-    proxy.args.add(&"--talk={name}")
-
-  for name in config.dbuscall.get(@[]):
-    proxy.args.add(&"--call={name}")
-
-  for name in config.dbusown.get(@[]):
-    proxy.args.add(&"--own={name}")
-
-  for name in config.dbusbroadcast.get(@[]):
-    proxy.args.add(&"--broadcast={name}")
-
-  proxy.args.add("--filter")
-  proxy.args.add("--log")
-  proxy.exec()
-
-  proxy

lib/sandbox.nim

@@ -1,12 +1,11 @@
-import strutils
+import os
-import options
-import config
-import utils
-import bwrap
 import args
 import json
 import dbus
-import os
+import utils
+import bwrap
+import config
+import options
 
 proc sandboxExec*(args: Args) =
   var call = BwrapCall()
@@ -35,10 +34,28 @@ proc sandboxExec*(args: Args) =
   var config = loadConfig(configPath.unsafeGet)
   config.extendConfig()
 
+  var proxy = DbusProxy()
+
+  proxy
+    .paths("/run/user/1000/bus", "/run/user/1000/.bus-sandboxed/test2")
+    .addCall("org.freedesktop.Notifications.*=@/org/freedesktop/Notifications")
+    .addCall("org.freedesktop.portal.*=*")
+    .addBroadcast("org.freedesktop.portal.*=@/org/freedesktop/portal/*")
+    .addOwn("org.mpris.MediaPlayer2.spotify")
+    .filter()
+    .log()
+    .exec()
+
   call
     .addArg("--dev", "/dev")
+    # https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
+    .addMount("--dev-bind", "/dev/dri")
+    .addMount("--dev-bind", "/dev/nvidiactl")
+    .addMount("--dev-bind", "/dev/nvidia-modeset")
+    .addMount("--dev-bind", "/dev/nvidia0")
     .addMount("--dev-bind", "/dev/random")
     .addMount("--dev-bind", "/dev/urandom")
+    .addArg("--ro-bind", "/run/user/1000/.bus-sandboxed/test2", "/run/user/1000/bus")
     .addArg("--tmpfs", "/tmp")
     .addArg("--tmpfs", "/dev/shm")
     .addArg("--proc", "/proc")
@@ -48,18 +65,6 @@ proc sandboxExec*(args: Args) =
     .addArg("--setenv", "BWSANDBOX", "1")
     .applyConfig(config)
 
-  if config.dbus.get(false):
-    # todo: handle process and cleanup later
-    let proxy = startDBusProxy(config, hostname)
-    call.addArg("--ro-bind", proxy.socket,
-      getEnv("DBUS_SESSION_BUS_ADDRESS").split('=')[1])
-
-    # todo: use fd signaling instead of this
-    sleep(100)
-
-  if config.allowdri.get(false):
-    enableDri(call)
-
   if config.mountcwd.get(false):
     call
       .addMount("--bind", getCurrentDir())

lib/utils.nim

@@ -1,8 +1,5 @@
-import strformat
-import posix
-import bwrap
-import args
 import os
+import args
 
 const APP_NAME = "bwsandbox"
 
@@ -25,27 +22,4 @@ proc getProfilePath*(args: Args): string =
 proc getSandboxPath*(name: string): string =
   getDataDir()
     .joinPath(APP_NAME)
-    .joinPath(name)
+    .joinPath(name)
-
-proc deviceExists(path: string): bool =
-  var res: Stat
-  return stat(path, res) >= 0 and S_ISCHR(res.st_mode)
-
-# https://github.com/flatpak/flatpak/blob/1bdbb80ac57df437e46fce2cdd63e4ff7704718b/common/flatpak-run.c#L1496
-proc enableDri*(call: var BwrapCall) =
-  const mounts = [
-    "/dev/dri",                                # general
-    "/dev/mali", "/dev/mali0", "/dev/umplock", # mali
-    "/dev/nvidiactl", "/dev/nvidia-modeset",   # nvidia
-    "/dev/nvidia-uvm", "/dev/nvidia-uvm-tools" # nvidia OpenCl/CUDA
-  ]
-
-  for mount in mounts:
-    if deviceExists(mount):
-      call.addMount("--dev-bind", mount)
-
-  for i in 0..20:
-    let device = &"/dev/nvidia{i}"
-
-    if deviceExists(device):
-      call.addMount("--dev-bind", device)

main.nim

@@ -1,7 +1,6 @@
 import lib/sandbox
 import lib/args
 import options
-import random
 
 proc main(): int =
   let args = parseArgs()
@@ -10,7 +9,6 @@ proc main(): int =
     echo "Usage: bwshell --command=cmd --profile=profile <sandbox_name>"
     return 1
   else:
-    randomize()
     sandboxExec(args.unsafeGet)
 
 quit(main())