From 78c8a5951c3b638435e14d1a3d8f9ec826d6403b Mon Sep 17 00:00:00 2001
From: Peter Cai
Date: Sun, 9 Mar 2025 11:47:42 -0400
Subject: [PATCH] WIP: Switch to wl-mitm as the compositor sandboxing solution

---
 assets/wl-mitm-config.toml | 33 +++++++++++++++
 deps/base-archlinux/Containerfile | 2 +-
 deps/compositor-sandbox/Containerfile | 61 +++++++++++++++++++++++++++
 deps/compositor-sandbox/entrypoint.sh | 36 ++++++++++++++++
 dobu-run.sh | 6 +--
 functions.sh | 30 +++++++------
 6 files changed, 151 insertions(+), 17 deletions(-)
 create mode 100644 assets/wl-mitm-config.toml
 create mode 100644 deps/compositor-sandbox/Containerfile
 create mode 100755 deps/compositor-sandbox/entrypoint.sh

diff --git a/assets/wl-mitm-config.toml b/assets/wl-mitm-config.toml
new file mode 100644
index 0000000..508b574
--- /dev/null
+++ b/assets/wl-mitm-config.toml
@@ -0,0 +1,33 @@
+[socket]
+listen = "/xdg_runtime/wayland-10"
+upstream = "/xdg_runtime/wayland-0"
+
+[exec]
+notify = "/usr/bin/notify-libnotify.sh"
+
+[filter]
+allowed_globals = [
+ "wl_compositor",
+ "wl_shm",
+ "wl_data_device_manager",
+ "wl_output",
+ "wl_seat",
+ "xdg_wm_base",
+ "zxdg_decoration_manager_v1",
+ "wp_presentation",
+ "wp_viewporter",
+ "zwp_linux_dmabuf_v1",
+ "wl_drm",
+ "wp_drm_lease_device_v1",
+ "wp_linux_drm_syncobj_manager_v1",
+ "zxdg_output_manager_v1",
+ "zwp_pointer_constraints_v1",
+ "zwp_xwayland_keyboard_grab_manager_v1",
+ "zwp_relative_pointer_manager_v1",
+]
+
+[[filter.requests]]
+interface = "wl_data_offer"
+requests = [ "receive" ]
+action = "notify"
+desc = "pasted from clipboard or accepted drag and drop"
diff --git a/deps/base-archlinux/Containerfile b/deps/base-archlinux/Containerfile
index 524c66b..ade8acf 100644
--- a/deps/base-archlinux/Containerfile
+++ b/deps/base-archlinux/Containerfile
@@ -1,4 +1,4 @@
-FROM docker.io/archlinux:base-20250209.0.306557
+FROM docker.io/archlinux:base-20250302.0.316047
 RUN echo -e "[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
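Review bot: The `listen` path is a contract that other files in this commit depend on — entrypoint.sh polls `/xdg_runtime/wayland-10` before it starts Sommelier and functions.sh waits for the same socket on the host side — but nothing in the config says so, so a later edit to this one line would leave the container stuck in its readiness loop. A comment above it would make the coupling explicit: `# entrypoint.sh and ensure_compositor_sandbox wait for exactly this socket name; keep them in sync`. The same goes for `notify`, which points at the `contrib/notify-libnotify.sh` script the Containerfile copies out of the wl-mitm checkout; a one-line comment naming that origin would save the next reader a search.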
diff --git a/deps/compositor-sandbox/Containerfile b/deps/compositor-sandbox/Containerfile
new file mode 100644
index 0000000..da0407a
--- /dev/null
+++ b/deps/compositor-sandbox/Containerfile
@@ -0,0 +1,61 @@
+ARG WL_MITM_COMMIT=49ed44763955da1fd227220f52070d72ae61bfdc
+ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
+
+FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-wl-mitm
+ARG WL_MITM_COMMIT
+
+RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
+
+RUN pacman -Syu --noconfirm \
+ && pacman -S --noconfirm git rustup \
+ && rustup default nightly \
+ && rustup update
+
+RUN mkdir /build && cd /build \
+ && git clone https://gitea.angry.im/PeterCxy/wl-mitm \
+ && cd wl-mitm \
+ && git checkout $SOMMELIER_COMMIT
+
+RUN cd /build/wl-mitm && ./generate.sh && cargo build --release
+
+FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-sommelier
+ARG SOMMELIER_COMMIT
+
+RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
+
+RUN pacman -Syu --noconfirm \
+ && pacman -S --noconfirm git meson ninja python python-jinja \
+ xorg-xwayland wayland libdrm pixman mesa \
+ libxcb libxkbcommon-x11
+
+RUN mkdir /build && cd /build \
+ && git clone https://chromium.googlesource.com/chromiumos/platform2 \
+ && cd platform2 \
+ && git checkout $SOMMELIER_COMMIT
+
+RUN cd /build/platform2/vm_tools/sommelier \
+ && sed -i 's/args\[i++\] = "-rootless";/args[i++] = "-rootless"; args[i++] = "-extension"; args[i++] = "MIT-SHM";/' sommelier.cc \
+ && sed -i 's/bool noop_driver = false;/bool noop_driver = true;/' sommelier.cc \
+ && meson build -Dwith_tests=false && ninja -C build
+
+# Build from ../base-archlinux
+FROM dobu/deps-base-archlinux:latest
+
+RUN pacman -Syu --noconfirm \
+ && pacman -S --noconfirm xorg-xwayland pixman libnotify
+
+COPY --from=builder-wl-mitm /build/wl-mitm/target/release/wl-mitm /usr/bin/
+COPY --from=builder-wl-mitm /build/wl-mitm/contrib/notify-libnotify.sh /usr/bin/
+COPY --from=builder-sommelier /build/platform2/vm_tools/sommelier/build/sommelier /usr/bin/
+COPY ./entrypoint.sh /
+
+USER user
+
+ENV WM_RENDER_NODE=/dev/dri/renderD128
+
+# These paths MUST be bind-mounted from host
+VOLUME /xdg_runtime
+VOLUME /tmp/.X11-unix
+VOLUME /tmp/wl-mitm-config.toml
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/deps/compositor-sandbox/entrypoint.sh b/deps/compositor-sandbox/entrypoint.sh
new file mode 100755
index 0000000..2fca816
--- /dev/null
+++ b/deps/compositor-sandbox/entrypoint.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# wl-mitm (config is external but expected to listen on wayland-10)
+echo "Starting wl-mitm"
+wl-mitm /tmp/wl-mitm-config.toml &
+WL_MITM=$!
+
+for i in $(seq 1 5); do
+ [ -S /xdg_runtime/wayland-10 ] && break
+ sleep 1
+done
+
+if [ ! -S /xdg_runtime/wayland-10 ]; then
+ echo "wl-mitm did not start"
+ exit 1
+fi
+
+# X Sommelier (will listen on :1)
+echo "Starting X11 Sommelier"
+sommelier --display=wayland-10 --xwayland-path=/usr/bin/Xwayland \
+ -X --glamor --x-display=1 --xwayland-gl-driver-path=/usr/lib/dri \
+ --force-drm-device=$WM_RENDER_NODE --direct-scale --noop-driver sleep infinity &
+SOMMELIER_X=$!
+
+for i in $(seq 1 5); do
+ [ -S /tmp/.X11-unix/X1 ] && break
+ sleep 1
+done
+
+if [ ! -S /tmp/.X11-unix/X1 ]; then
+ echo "X Sommelier did not start"
+ exit 1
+fi
+
+wait $SOMMELIER_X
+wait $WL_MITM
diff --git a/dobu-run.sh b/dobu-run.sh
index 918caf6..4b36073 100755
--- a/dobu-run.sh
+++ b/dobu-run.sh
@@ -54,9 +54,9 @@ if is_in_array "$1" "${DISPLAY_SERVER_APP_ALLOWLIST[@]}"; then
 die "Wayland / Xorg sockets do not exist"
 fi
 else
- # Make sure we have Sommelier running first
- ensure_sommelier
- WAYLAND_SRC="$DOBU_TMP/xdg_runtime/wayland-1"
+ # Make sure we have compositor-sandbox running first
+ ensure_compositor_sandbox
+ WAYLAND_SRC="$DOBU_TMP/xdg_runtime/wayland-10"
 XORG_SRC="$DOBU_TMP/X11-unix/X1"
 fi
diff --git a/functions.sh b/functions.sh
index 72ddcca..3b434f0 100644
--- a/functions.sh
+++ b/functions.sh
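Review bot: In the builder-wl-mitm stage the clone is pinned with `git checkout $SOMMELIER_COMMIT`, but that stage only re-declares `ARG WL_MITM_COMMIT`, so `$SOMMELIER_COMMIT` is empty there and the unquoted expansion turns the command into a bare `git checkout` that succeeds and leaves wl-mitm at whatever the remote's default branch is today — the pin in `ARG WL_MITM_COMMIT=49ed44…` is never applied. The line should read `&& git checkout "$WL_MITM_COMMIT"`; quoting also makes an empty value fail the build instead of silently passing, and the platform2 checkout deserves the same quoting. Even with the source pinned, `rustup default nightly` followed by `rustup update` ties the wl-mitm binary to whichever nightly toolchain exists on build day, so the image is still not reproducible from the two commit hashes alone.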
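Review bot: The closing `wait $SOMMELIER_X` followed by `wait $WL_MITM` means that when one of the two daemons dies the other keeps the container alive and the dead one's exit status is dropped; the host-side check in functions.sh only tests that the socket files exist, so a container in that half-dead state can be treated as healthy for as long as those files remain. Installing `trap 'kill "$WL_MITM" "$SOMMELIER_X" 2>/dev/null' EXIT` once both are started and replacing the two waits with a single `wait -n` (bash 4.3+) makes the container exit, and get recreated by ensure_compositor_sandbox, as soon as either side fails. Separately, `--force-drm-device=$WM_RENDER_NODE` is the only unquoted expansion in the script and comes from the image's ENV, so `--force-drm-device="$WM_RENDER_NODE"` is the safer form, and a `set -u` at the top would catch the variable being unset.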
@@ -90,34 +90,38 @@ container_entrypoint() {
 podman inspect $1 | jq -r '.[0].Config.Entrypoint'
 }
-ensure_sommelier() {
- assert_image_exists dobu/deps-sommelier
- remove_stale_container dobu-deps-sommelier
- if container_exists dobu-deps-sommelier; then
- [ -S "$DOBU_TMP/X11-unix/X1" ] && [ -S "$DOBU_TMP/xdg_runtime/wayland-1" ] && return
- log "Killing non-functional Sommelier container"
- podman kill dobu-deps-sommelier
- podman rm -f dobu-deps-sommelier
+ensure_compositor_sandbox() {
+ assert_image_exists dobu/deps-compositor-sandbox
+ remove_stale_container dobu-deps-compositor-sandbox
+ if container_exists dobu-deps-compositor-sandbox; then
+ existing_config_sha="$(sha1sum "$DOBU_TMP/wl-mitm-config.toml" | awk '{ print $1; }')"
+ new_config_sha="$(sha1sum "$script_path/assets/wl-mitm-config.toml" | awk '{ print $1; }')"
+ [ -S "$DOBU_TMP/X11-unix/X1" ] && [ -S "$DOBU_TMP/xdg_runtime/wayland-10" ] && [ "$existing_config_sha" == "$new_config_sha" ] && return
+ log "Killing non-functional compositor-sandbox container"
+ podman kill dobu-deps-compositor-sandbox
+ podman rm -f dobu-deps-compositor-sandbox
 fi
 rm -rf "$DOBU_TMP/xdg_runtime" || true
 rm -rf "$DOBU_TMP/X11-unix" || true
 mkdir -p "$DOBU_TMP/xdg_runtime"
 mkdir -p "$DOBU_TMP/X11-unix"
+ cp "$script_path/assets/wl-mitm-config.toml" "$DOBU_TMP/wl-mitm-config.toml"
- log "Starting Sommelier as a nested compositor..."
+ log "Starting compositor-sandbox (wl-mitm for Wayland and X Sommelier for X11)..."
- podman run --rm -d "${podman_security_args[@]}" --name dobu-deps-sommelier \
+ podman run --rm -d "${podman_security_args[@]}" --name dobu-deps-compositor-sandbox \
 -v "$DOBU_TMP/xdg_runtime":/xdg_runtime \
+ `# wl-mitm config` \
+ -v "$DOBU_TMP/wl-mitm-config.toml":/tmp/wl-mitm-config.toml \
 `# Pass through host wayland display for Sommelier always as wayland-0` \
 -v "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY":/xdg_runtime/wayland-0 \
 `# X11-unix uses hard-coded path` \
 -v "$DOBU_TMP/X11-unix":/tmp/.X11-unix \
 `# DRM render nodes` \
 -v /dev/dri:/dev/dri \
- dobu/deps-sommelier
- while [ ! -S "$DOBU_TMP/xdg_runtime/wayland-1" ] || [ ! -S "$DOBU_TMP/X11-unix/X1" ]; do
-
+ dobu/deps-compositor-sandbox
+ while [ ! -S "$DOBU_TMP/xdg_runtime/wayland-10" ] || [ ! -S "$DOBU_TMP/X11-unix/X1" ]; do
 sleep 0.5
 done
 }
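Review bot: The `while [ ! -S .../wayland-10 ] || [ ! -S .../X1 ]; do sleep 0.5; done` loop at the end of ensure_compositor_sandbox has no timeout and never checks that the container is still running; entrypoint.sh exits 1 when either socket fails to appear within five seconds and the container is started with `--rm`, so a failed start leaves the caller spinning forever with no message. Adding a liveness check to the loop body, `container_exists dobu-deps-compositor-sandbox || die "compositor-sandbox exited before its sockets appeared"`, turns that into an error (assuming `container_exists` reports a removed container as absent, which its use at the top of the function suggests). The new `existing_config_sha` and `new_config_sha` assignments are also not declared `local`, so they leak into the caller's scope; `local existing_config_sha new_config_sha` at the start of the `if` branch fixes that. When `$DOBU_TMP/wl-mitm-config.toml` is absent, as it will be for a container created before this change, `sha1sum` prints an error and the mismatch forces a restart — that looks like the intended outcome, but a `[ -f ... ]` guard would make the log cleaner.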