Add Wayland support #50
Conversation
There was a problem hiding this comment.
@rhjdvsgsgks very interesting, thank you! 👍 This will take testing against actual Wayland which so far none of my boxes have — I have X11 —, so it will take a few days.
| @@ -273,14 +278,21 @@ def create_bwrap_argv(config): | |||
| if config.pulseaudio: | |||
| pulseaudio_socket = f'/run/user/{os.getuid()}/pulse/native' | |||
| env_tasks['PULSE_SERVER'] = f'unix:{pulseaudio_socket}' | |||
| mount_tasks += [MountTask(MountMode.BIND_RW, pulseaudio_socket)] | |||
| mount_tasks += [MountTask(MountMode.BIND_RO, pulseaudio_socket)] | |||
There was a problem hiding this comment.
If this works in practice, it will be misleading because audio is read and written. So I would ask to revert this change, for the sake of clarity and realistic expectations (even before testing). We can discuss changing it more if there are good reasons but that should be a dedicated issue and or pull request then. Thank you!
There was a problem hiding this comment.
im worried about program in sandbox may able to replace and hijack the socket file if we dont ro-bind it. also ro-bind is suggested by someone else on here https://wiki.archlinux.org/title/Bubblewrap/Examples#Firefox
There was a problem hiding this comment.
im worried about program in sandbox may able to replace and hijack the socket file if we dont ro-bind it.
@rhjdvsgsgks I cannot think of a threat model where you trust the app with audio but not with the audio socket. Please help me understand what I'm missing.
also ro-bind is suggested by someone else on here https://wiki.archlinux.org/title/Bubblewrap/Examples#Firefox
I'm not against the change, I'm against not understanding it and merging things before I understand them. Maybe it just takes playing with socket files more. Maybe there's something for me to learn about socket file permissions here.
i also changed pulseaudio_socket to use ro bind mount. because i found that it will not break anything