- commit
- 8aed117c1b9c2aedd60925ab2674434de83469f8
- parent
- 4355299d6edbe0966783b0315ba6443b664fc972
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2024-06-16 13:43
support more arguments
Diffstat
| M | rules/gui | 18 | +++++++++--------- |
| M | rules/host-os | 16 | ++++++++-------- |
| M | rules/network | 6 | +++--- |
| M | xiwrap.py | 52 | +++++++++++++++++++++++++++++++--------------------- |
4 files changed, 51 insertions, 41 deletions
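--- a/rules/gui
+++ b/rules/gui
@@ -6,15 +6,15 @@ setenv WAYLAND_DISPLAY
 setenv XDG_CURRENT_DESKTOP
 ro-bind $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
 
-ro-bind /etc/fonts
-ro-bind /usr/share/fonts
-ro-bind /usr/share/icons
-ro-bind /usr/share/themes/
-ro-bind $HOME/.local/share/fonts
-ro-bind $HOME/.local/share/icons
-ro-bind $HOME/.local/share/themes
-bind $HOME/.cache/fontconfig
-bind $HOME/.cache/thumbnails
+ro-bind-try /etc/fonts
+ro-bind-try /usr/share/fonts
+ro-bind-try /usr/share/icons
+ro-bind-try /usr/share/themes/
+ro-bind-try $HOME/.local/share/fonts
+ro-bind-try $HOME/.local/share/icons
+ro-bind-try $HOME/.local/share/themes
+bind-try $HOME/.cache/fontconfig
+bind-try $HOME/.cache/thumbnails
 
 dbus-talk org.a11y.Bus
 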
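--- a/rules/host-os
+++ b/rules/host-os
@@ -1,8 +1,8 @@
-ro-bind /usr
-ro-bind /bin
-ro-bind /sbin
-ro-bind /lib
-ro-bind /lib32
-ro-bind /lib64
-ro-bind /etc/ld.so.cache
-ro-bind /etc/alternatives
+ro-bind-try /usr
+ro-bind-try /bin
+ro-bind-try /sbin
+ro-bind-try /lib
+ro-bind-try /lib32
+ro-bind-try /lib64
+ro-bind-try /etc/ld.so.cache
+ro-bind-try /etc/alternatives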
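--- a/rules/network
+++ b/rules/network
@@ -1,4 +1,4 @@
 share-net
-ro-bind /etc/resolv.conf
-ro-bind /etc/ssl
-ro-bind /etc/ca-certificates
+ro-bind-try /etc/resolv.conf
+ro-bind-try /etc/ssl
+ro-bind-try /etc/ca-certificates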
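--- a/xiwrap.py
+++ b/xiwrap.py
@@ -12,32 +12,35 @@ SYSTEM_CONFIG = Path('/etc') / 'xiwrap'
 
 DBUS_PROXY_PATH = XDG_RUNTIME_DIR / f'dbus-proxy-{os.getpid()}'
 
-USAGE = """Usage: xiwrap [OPTION]... -- [BWRAP_OPTIONS]... CMD
+USAGE = """Usage: xiwrap [OPTION]... -- CMD
 
-Example: xiwrap --import host-os --setenv TERM -- --chdir /tmp bash
+Example: xiwrap --import host-os --setenv TERM -- bash
 
 The following options are available:
 
 -h, --help Print this message and exit
 --debug Print the bwrap command instead of executing it.
+--share-pid Do not create new pid namespace.
+--share-net Do not create new network namespace.
+--share-ipc Do not create new ipc namespace.
 --setenv VAR [VALUE] Set an environment variable. If VALUE is not provided,
-the value from the current environment is kept.
---bind DEST [SRC] Bind mount the host path SRC on DEST. If SRC is not
-provided, it is the same as DEST. Ignored if SRC does
-not exist.
---ro-bind DEST [SRC] Bind mount the host path SRC readonly on DEST. If SRC
-is not provided, it is the same as DEST. Ignored if SRC
-does not exist.
+share it from the current environment
+--bind SRC [DEST], --bind-try SRC [DEST], --dev-bind SRC [DEST],
+--dev-bind-try SRC [DEST], --ro-bind SRC [DEST], --ro-bind-try SRC [DEST]
+Bind mount the host path SRC on DEST. If SRC is not
+provided, it is the same as DEST. See `man bwrap` for
+details.
 --proc DEST Mount new procfs on DEST.
 --dev DEST Mount new dev on DEST.
 --tmpfs DEST Mount new tmpfs on DEST.
---share-net Do not create new network namespace.
+--mqueue DEST Mount new mqueue on DEST.
+--dir DEST Create a directory at DEST.
 --dbus-see NAME Allow to see NAME on the session bus.
 --dbus-talk NAME Allow to talk to NAME on the session bus.
 --dbus-own NAME Allow to own NAME on the session bus.
---dbus-call NAME=RULE Set a rule for calls on the given name.
+--dbus-call NAME=RULE Set a rule for method calls on NAME.
 --dbus-broadcast NAME=RULE
-Set a rule for broadcast signals from the given name.
+Set a rule for broadcast signals from NAME.
 --import FILE Load additional options from FILE. FILE can be an
 absolute path or relative to the current directory,
 $XDG_CONFIG_HOME/xiwrap/ or /etc/xiwrap/. FILE must
@@ -61,7 +64,7 @@ class RuleSet:
 '/proc': ('proc', None),
 }
 self.dbus = {}
-self.share_net = False
+self.share = {}
 self.sync_fds = None
 self.debug = False
 self.usage = False
@@ -107,10 +110,10 @@ class RuleSet:
 raise RuleError(key, args)
 path = self.find_config_file(args[0], cwd)
 self.read_config_file(path)
-elif key == 'share-net':
+elif key in ['share-ipc', 'share-pid', 'share-net']:
 if len(args) != 0:
 raise RuleError(key, args)
-self.share_net = True
+self.share[key] = True
 elif key in [
 'dbus-see', 'dbus-talk', 'dbus-own', 'dbus-call', 'dbus-broadcast'
 ]:
@@ -121,10 +124,17 @@ class RuleSet:
 elif key == 'setenv':
 var, value = self.parse_env(key, args)
 self.env[var] = value
-elif key in ['ro-bind', 'bind']:
+elif key in [
+'bind',
+'bind-try',
+'dev-bind',
+'dev-bind-try',
+'ro-bind',
+'ro-bind-try',
+]:
 src, target = self.parse_path(key, args)
 self.paths[expandvars(target)] = (key, expandvars(src))
-elif key in ['tmpfs', 'dev', 'proc']:
+elif key in ['tmpfs', 'dev', 'proc', 'mqueue', 'dir']:
 if len(args) != 1:
 raise RuleError(key, args)
 self.paths[expandvars(args[0])] = (key, None)
@@ -169,12 +179,12 @@ class RuleSet:
 'bwrap',
 '--die-with-parent',
 '--clearenv',
-'--unshare-pid',
 ]
-if not self.share_net:
-cmd += ['--unshare-net']
 if self.sync_fds is not None:
 cmd += ['--sync-fd', str(self.sync_fds[0])]
+for key in ['share-ipc', 'share-pid', 'share-net']:
+if not self.share.get(key):
+cmd.append(f'--un{key}')
 for key, value in self.env.items():
 if value is not None:
 cmd += ['--setenv', key, value]
@@ -183,7 +193,7 @@ class RuleSet:
 if src is None:
 cmd += [f'--{typ}', target]
 else:
-cmd += [f'--{typ}-try', src, target]
+cmd += [f'--{typ}', src, target]
 return cmd + bwrap_args
 
 def build_dbus(self):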
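Review bot: The rewritten USAGE text in the first hunk puts `--bind`, `--dev-bind`, `--ro-bind` and their `-try` forms under one description ("Bind mount the host path SRC on DEST"), so `--help` no longer says which are read-only or writable, or that `dev-bind` also allows device access. The removed text at least marked `--ro-bind` as readonly, and for a sandbox wrapper that distinction is the security-relevant part of the option. I would keep one short line per family, for example `--ro-bind SRC [DEST]  Like --bind, but read-only.` and `--dev-bind SRC [DEST]  Like --bind, but allows access to device nodes.`, plus `The -try variants are ignored if SRC does not exist.` Related to that last line: the final hunk stops appending `-try` when building the command, so user rule files outside this commit that still use plain `bind`/`ro-bind` for optional paths will now make bwrap abort on a missing source rather than skip the mount. That is worth stating in the release notes. The method containing that hunk starts outside the visible lines.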