WIP: Switch to wl-mitm as the compositor sandboxing solution

assets/wl-mitm-config.toml

@@ -0,0 +1,33 @@
+[socket]
+listen = "/xdg_runtime/wayland-10"
+upstream = "/xdg_runtime/wayland-0"
+
+[exec]
+notify = "/usr/bin/notify-libnotify.sh"
+
+[filter]
+allowed_globals = [
+    "wl_compositor",
+    "wl_shm",
+    "wl_data_device_manager",
+    "wl_output",
+    "wl_seat",
+    "xdg_wm_base",
+    "zxdg_decoration_manager_v1",
+    "wp_presentation",
+    "wp_viewporter",
+    "zwp_linux_dmabuf_v1",
+    "wl_drm",
+    "wp_drm_lease_device_v1",
+    "wp_linux_drm_syncobj_manager_v1",
+    "zxdg_output_manager_v1",
+    "zwp_pointer_constraints_v1",
+    "zwp_xwayland_keyboard_grab_manager_v1",
+    "zwp_relative_pointer_manager_v1",
+]
+
+[[filter.requests]]
+interface = "wl_data_offer"
+requests = [ "receive" ]
+action = "notify"
+desc = "pasted from clipboard or accepted drag and drop"

deps/base-archlinux/Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/archlinux:base-20241006.0.268140
+FROM docker.io/archlinux:base-20250302.0.316047
 
 RUN echo -e "[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
 

deps/compositor-sandbox/Containerfile

@@ -0,0 +1,61 @@
+ARG WL_MITM_COMMIT=49ed44763955da1fd227220f52070d72ae61bfdc
+ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
+
+FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-wl-mitm
+ARG WL_MITM_COMMIT
+
+RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
+
+RUN pacman -Syu --noconfirm \
+      && pacman -S --noconfirm git rustup \
+      && rustup default nightly \
+      && rustup update
+
+RUN mkdir /build && cd /build \
+      && git clone https://gitea.angry.im/PeterCxy/wl-mitm \
+      && cd wl-mitm \
+      && git checkout $SOMMELIER_COMMIT
+
+RUN cd /build/wl-mitm && ./generate.sh && cargo build --release
+
+FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-sommelier
+ARG SOMMELIER_COMMIT
+
+RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
+
+RUN pacman -Syu --noconfirm \
+      && pacman -S --noconfirm git meson ninja python python-jinja \
+                               xorg-xwayland wayland libdrm pixman mesa \ 
+                               libxcb libxkbcommon-x11
+
+RUN mkdir /build && cd /build \
+      && git clone https://chromium.googlesource.com/chromiumos/platform2 \
+      && cd platform2 \
+      && git checkout $SOMMELIER_COMMIT
+
+RUN cd /build/platform2/vm_tools/sommelier \
+      && sed -i 's/args\[i++\] = "-rootless";/args[i++] = "-rootless"; args[i++] = "-extension"; args[i++] = "MIT-SHM";/' sommelier.cc \
+      && sed -i 's/bool noop_driver = false;/bool noop_driver = true;/' sommelier.cc \
+      && meson build -Dwith_tests=false && ninja -C build
+
+# Build from ../base-archlinux
+FROM dobu/deps-base-archlinux:latest
+
+RUN pacman -Syu --noconfirm \
+      && pacman -S --noconfirm xorg-xwayland pixman libnotify
+
+COPY --from=builder-wl-mitm /build/wl-mitm/target/release/wl-mitm /usr/bin/
+COPY --from=builder-wl-mitm /build/wl-mitm/contrib/notify-libnotify.sh /usr/bin/
+COPY --from=builder-sommelier /build/platform2/vm_tools/sommelier/build/sommelier /usr/bin/
+COPY ./entrypoint.sh /
+
+USER user
+
+ENV WM_RENDER_NODE=/dev/dri/renderD128
+
+# These paths MUST be bind-mounted from host
+VOLUME /xdg_runtime
+VOLUME /tmp/.X11-unix
+VOLUME /tmp/wl-mitm-config.toml
+
+ENTRYPOINT [ "/entrypoint.sh" ]

deps/compositor-sandbox/entrypoint.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# wl-mitm (config is external but expected to listen on wayland-10)
+echo "Starting wl-mitm"
+wl-mitm /tmp/wl-mitm-config.toml &
+WL_MITM=$!
+
+for i in $(seq 1 5); do
+    [ -S /xdg_runtime/wayland-10 ] && break
+    sleep 1
+done
+
+if [ ! -S /xdg_runtime/wayland-10 ]; then
+  echo "wl-mitm did not start"
+  exit 1
+fi
+
+# X Sommelier (will listen on :1)
+echo "Starting X11 Sommelier"
+sommelier --display=wayland-10 --xwayland-path=/usr/bin/Xwayland \
+  -X --glamor --x-display=1 --xwayland-gl-driver-path=/usr/lib/dri \
+  --force-drm-device=$WM_RENDER_NODE --direct-scale --noop-driver sleep infinity &
+SOMMELIER_X=$!
+
+for i in $(seq 1 5); do
+    [ -S /tmp/.X11-unix/X1 ] && break
+    sleep 1
+done
+
+if [ ! -S /tmp/.X11-unix/X1 ]; then
+  echo "X Sommelier did not start"
+  exit 1
+fi
+
+wait $SOMMELIER_X
+wait $WL_MITM

deps/sommelier/Containerfile

@@ -1,6 +1,6 @@
-FROM docker.io/archlinux:base-devel-20240101.0.204074 AS builder
+FROM docker.io/archlinux:base-devel-20250209.0.306557 AS builder
 
-ARG SOMMELIER_COMMIT=371dd81388a946cd3cdae12288c05a6b3509fd7f
+ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
 
 RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
 

dobu-run.sh

@@ -54,9 +54,9 @@ if is_in_array "$1" "${DISPLAY_SERVER_APP_ALLOWLIST[@]}"; then
     die "Wayland / Xorg sockets do not exist"
   fi
 else
-  # Make sure we have Sommelier running first
+  # Make sure we have compositor-sandbox running first
-  ensure_sommelier
+  ensure_compositor_sandbox
-  WAYLAND_SRC="$DOBU_TMP/xdg_runtime/wayland-1"
+  WAYLAND_SRC="$DOBU_TMP/xdg_runtime/wayland-10"
   XORG_SRC="$DOBU_TMP/X11-unix/X1"
 fi
 

functions.sh

@@ -90,34 +90,38 @@ container_entrypoint() {
   podman inspect $1 | jq -r '.[0].Config.Entrypoint'
 }
 
-ensure_sommelier() {
+ensure_compositor_sandbox() {
-  assert_image_exists dobu/deps-sommelier
+  assert_image_exists dobu/deps-compositor-sandbox
-  remove_stale_container dobu-deps-sommelier
+  remove_stale_container dobu-deps-compositor-sandbox
-  if container_exists dobu-deps-sommelier; then
+  if container_exists dobu-deps-compositor-sandbox; then
-    [ -S "$DOBU_TMP/X11-unix/X1" ] && [ -S "$DOBU_TMP/xdg_runtime/wayland-1" ] && return
+    existing_config_sha="$(sha1sum "$DOBU_TMP/wl-mitm-config.toml" | awk '{ print $1; }')"
-    log "Killing non-functional Sommelier container"
+    new_config_sha="$(sha1sum "$script_path/assets/wl-mitm-config.toml" | awk '{ print $1; }')"
-    podman kill dobu-deps-sommelier
+    [ -S "$DOBU_TMP/X11-unix/X1" ] && [ -S "$DOBU_TMP/xdg_runtime/wayland-10" ] && [ "$existing_config_sha" == "$new_config_sha" ] && return
-    podman rm -f dobu-deps-sommelier
+    log "Killing non-functional compositor-sandbox container"
+    podman kill dobu-deps-compositor-sandbox
+    podman rm -f dobu-deps-compositor-sandbox
   fi
 
   rm -rf "$DOBU_TMP/xdg_runtime" || true
   rm -rf "$DOBU_TMP/X11-unix" || true
   mkdir -p "$DOBU_TMP/xdg_runtime"
   mkdir -p "$DOBU_TMP/X11-unix"
+  cp "$script_path/assets/wl-mitm-config.toml" "$DOBU_TMP/wl-mitm-config.toml"
 
-  log "Starting Sommelier as a nested compositor..."
+  log "Starting compositor-sandbox (wl-mitm for Wayland and X Sommelier for X11)..."
 
-  podman run --rm -d "${podman_security_args[@]}" --name dobu-deps-sommelier \
+  podman run --rm -d "${podman_security_args[@]}" --name dobu-deps-compositor-sandbox \
     -v "$DOBU_TMP/xdg_runtime":/xdg_runtime \
+    `# wl-mitm config` \
+    -v "$DOBU_TMP/wl-mitm-config.toml":/tmp/wl-mitm-config.toml \
     `# Pass through host wayland display for Sommelier always as wayland-0` \
     -v "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY":/xdg_runtime/wayland-0 \
     `# X11-unix uses hard-coded path` \
     -v "$DOBU_TMP/X11-unix":/tmp/.X11-unix \
     `# DRM render nodes` \
     -v /dev/dri:/dev/dri \
-    dobu/deps-sommelier
+    dobu/deps-compositor-sandbox
-  while [ ! -S "$DOBU_TMP/xdg_runtime/wayland-1" ] || [ ! -S "$DOBU_TMP/X11-unix/X1" ]; do
+  while [ ! -S "$DOBU_TMP/xdg_runtime/wayland-10" ] || [ ! -S "$DOBU_TMP/X11-unix/X1" ]; do
- 
     sleep 0.5
   done
 }