PeterCxy/dobu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: PeterCxy:78c8a5951c3b638435e14d1a3d8f9ec826d6403b
Branches Tags
PeterCxy:main
...
compare: PeterCxy:a821781ae008bfb256890c759f457fd9fe597be6
Branches Tags
PeterCxy:main

2 commits
78c8a5951c ... a821781ae0

Author SHA1 Message Date
Peter Cai
a821781ae0 Per-container compositor sandbox 2025-03-09 15:52:08 -04:00
Peter Cai
41482e4524 Update wl-mitm 2025-03-09 15:26:35 -04:00
4 changed files with 26 additions and 22 deletions
Show stats Expand all files Collapse all files

2
assets/wl-mitm-config.toml
View file

@ -3,7 +3,7 @@ listen = "/xdg_runtime/wayland-10"
upstream = "/xdg_runtime/wayland-0" upstream = "/xdg_runtime/wayland-0"
[exec] [exec]
notify = "/usr/bin/notify-libnotify.sh" notify_cmd = "/usr/bin/notify-libnotify.sh"
[filter] [filter]
allowed_globals = [ allowed_globals = [

2
deps/compositor-sandbox/Containerfile vendored
View file

@ -1,4 +1,4 @@
ARG WL_MITM_COMMIT=49ed44763955da1fd227220f52070d72ae61bfdc ARG WL_MITM_COMMIT=ea591acb8e1a4926e49011b8b5098ab4a5b37973
ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-wl-mitm FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-wl-mitm

9
dobu-run.sh
View file

@ -6,7 +6,8 @@ assert_prerequisites
[ -z "$1" ] && die "Expecting 1 argument" [ -z "$1" ] && die "Expecting 1 argument"
image_name="$(relative_path_to_image_name "apps/$1")" app_name="$1"
image_name="$(relative_path_to_image_name "apps/$app_name")"
# image_name is of the form dobu/xxxx, while for containers we want dobu-xxx # image_name is of the form dobu/xxxx, while for containers we want dobu-xxx
container_name="${image_name/\//-}" container_name="${image_name/\//-}"
home_path="$HOMEDIR_STORAGE/$1" home_path="$HOMEDIR_STORAGE/$1"
@ -55,9 +56,9 @@ if is_in_array "$1" "${DISPLAY_SERVER_APP_ALLOWLIST[@]}"; then
fi fi
else else
# Make sure we have compositor-sandbox running first # Make sure we have compositor-sandbox running first
ensure_compositor_sandbox ensure_compositor_sandbox "$app_name"
WAYLAND_SRC="$DOBU_TMP/xdg_runtime/wayland-10" WAYLAND_SRC="$DOBU_TMP/$app_name/xdg_runtime/wayland-10"
XORG_SRC="$DOBU_TMP/X11-unix/X1" XORG_SRC="$DOBU_TMP/$app_name/X11-unix/X1"
fi fi
# Prepare $HOME for the container # Prepare $HOME for the container

35
functions.sh
View file

@ -91,37 +91,40 @@ container_entrypoint() {
} }
ensure_compositor_sandbox() { ensure_compositor_sandbox() {
local app_name="$1"
local sandbox_name=dobu-deps-compositor-sandbox-$app_name
local sandbox_tmp="$DOBU_TMP/$app_name"
assert_image_exists dobu/deps-compositor-sandbox assert_image_exists dobu/deps-compositor-sandbox
remove_stale_container dobu-deps-compositor-sandbox remove_stale_container $sandbox_name
if container_exists dobu-deps-compositor-sandbox; then if container_exists $sandbox_name; then
existing_config_sha="$(sha1sum "$DOBU_TMP/wl-mitm-config.toml" | awk '{ print $1; }')" existing_config_sha="$(sha1sum "$sandbox_tmp/wl-mitm-config.toml" | awk '{ print $1; }')"
new_config_sha="$(sha1sum "$script_path/assets/wl-mitm-config.toml" | awk '{ print $1; }')" new_config_sha="$(sha1sum "$script_path/assets/wl-mitm-config.toml" | awk '{ print $1; }')"
[ -S "$DOBU_TMP/X11-unix/X1" ] && [ -S "$DOBU_TMP/xdg_runtime/wayland-10" ] && [ "$existing_config_sha" == "$new_config_sha" ] && return [ -S "$sandbox_tmp/X11-unix/X1" ] && [ -S "$sandbox_tmp/xdg_runtime/wayland-10" ] && [ "$existing_config_sha" == "$new_config_sha" ] && return
log "Killing non-functional compositor-sandbox container" log "Killing non-functional compositor-sandbox container"
podman kill dobu-deps-compositor-sandbox podman kill $sandbox_name
podman rm -f dobu-deps-compositor-sandbox podman rm -f $sandbox_name
fi fi
rm -rf "$DOBU_TMP/xdg_runtime" || true rm -rf "$sandbox_tmp/xdg_runtime" || true
rm -rf "$DOBU_TMP/X11-unix" || true rm -rf "$sandbox_tmp/X11-unix" || true
mkdir -p "$DOBU_TMP/xdg_runtime" mkdir -p "$sandbox_tmp/xdg_runtime"
mkdir -p "$DOBU_TMP/X11-unix" mkdir -p "$sandbox_tmp/X11-unix"
cp "$script_path/assets/wl-mitm-config.toml" "$DOBU_TMP/wl-mitm-config.toml" cp "$script_path/assets/wl-mitm-config.toml" "$sandbox_tmp/wl-mitm-config.toml"
log "Starting compositor-sandbox (wl-mitm for Wayland and X Sommelier for X11)..." log "Starting compositor-sandbox (wl-mitm for Wayland and X Sommelier for X11)..."
podman run --rm -d "${podman_security_args[@]}" --name dobu-deps-compositor-sandbox \ podman run --rm -d "${podman_security_args[@]}" --name $sandbox_name \
-v "$DOBU_TMP/xdg_runtime":/xdg_runtime \ -v "$sandbox_tmp/xdg_runtime":/xdg_runtime \
`# wl-mitm config` \ `# wl-mitm config` \
-v "$DOBU_TMP/wl-mitm-config.toml":/tmp/wl-mitm-config.toml \ -v "$sandbox_tmp/wl-mitm-config.toml":/tmp/wl-mitm-config.toml \
`# Pass through host wayland display for Sommelier always as wayland-0` \ `# Pass through host wayland display for Sommelier always as wayland-0` \
-v "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY":/xdg_runtime/wayland-0 \ -v "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY":/xdg_runtime/wayland-0 \
`# X11-unix uses hard-coded path` \ `# X11-unix uses hard-coded path` \
-v "$DOBU_TMP/X11-unix":/tmp/.X11-unix \ -v "$sandbox_tmp/X11-unix":/tmp/.X11-unix \
`# DRM render nodes` \ `# DRM render nodes` \
-v /dev/dri:/dev/dri \ -v /dev/dri:/dev/dri \
dobu/deps-compositor-sandbox dobu/deps-compositor-sandbox
while [ ! -S "$DOBU_TMP/xdg_runtime/wayland-10" ] || [ ! -S "$DOBU_TMP/X11-unix/X1" ]; do while [ ! -S "$sandbox_tmp/xdg_runtime/wayland-10" ] || [ ! -S "$sandbox_tmp/X11-unix/X1" ]; do
sleep 0.5 sleep 0.5
done done
} }