134 lines
5.4 KiB
Diff
134 lines
5.4 KiB
Diff
|
From 5d1224b87ea10f3026ecf53c4c448ac4655add04 Mon Sep 17 00:00:00 2001
|
||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||
|
Date: Tue, 20 Feb 2024 11:17:20 +0100
|
||
|
Subject: [PATCH] sandbox: Add support for Wayland
|
||
|
Content-type: text/plain
|
||
|
|
||
|
- use XWayland for X application if it's run in Wayland session
|
||
|
- run Wayland apps directly if it's run in Wayland session
|
||
|
- add sandbox -Y option to run run Wayland application
|
||
|
|
||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||
|
---
|
||
|
sandbox/sandbox | 26 ++++++++++++++++++++++++--
|
||
|
sandbox/sandboxX.sh | 36 ++++++++++++++++++++++++------------
|
||
|
2 files changed, 48 insertions(+), 14 deletions(-)
|
||
|
|
||
|
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||
|
index 7ab98076fd2b..009b5f4df8f2 100644
|
||
|
--- a/sandbox/sandbox
|
||
|
+++ b/sandbox/sandbox
|
||
|
@@ -344,6 +344,10 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||
|
action="callback", callback=self.__x_callback,
|
||
|
default=False, help=_("run X application within a sandbox"))
|
||
|
|
||
|
+ parser.add_option("-Y", dest="Y_ind",
|
||
|
+ action="callback", callback=self.__x_callback,
|
||
|
+ default=False, help=_("run Wayland application within a sandbox"))
|
||
|
+
|
||
|
parser.add_option("-H", "--homedir",
|
||
|
action="callback", callback=self.__validdir,
|
||
|
type="string",
|
||
|
@@ -457,6 +461,16 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||
|
selinux.chcon(self.__runuserdir, self.__filecon, recursive=True)
|
||
|
selinux.setfscreatecon(None)
|
||
|
|
||
|
+ def __is_wayland_app(self):
|
||
|
+ binary = shutil.which(self.__paths[0])
|
||
|
+ if binary is None:
|
||
|
+ return True
|
||
|
+ output = subprocess.run(['ldd', binary], capture_output=True)
|
||
|
+ for line in str(output.stdout, "utf-8").split('\n'):
|
||
|
+ if line.find("libwayland") != -1:
|
||
|
+ return "yes"
|
||
|
+ return False
|
||
|
+
|
||
|
def __execute(self):
|
||
|
try:
|
||
|
cmds = [SEUNSHARE, "-Z", self.__execcon]
|
||
|
@@ -465,7 +479,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||
|
if self.__mount:
|
||
|
cmds += ["-t", self.__tmpdir, "-h", self.__homedir, "-r", self.__runuserdir]
|
||
|
|
||
|
- if self.__options.X_ind:
|
||
|
+ if self.__options.X_ind or self.__options.Y_ind:
|
||
|
if self.__options.dpi:
|
||
|
dpi = self.__options.dpi
|
||
|
else:
|
||
|
@@ -474,6 +488,9 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||
|
from gi.repository import Gtk
|
||
|
dpi = str(Gtk.Settings.get_default().props.gtk_xft_dpi / 1024)
|
||
|
|
||
|
+ if os.environ.get('WAYLAND_DISPLAY') is not None:
|
||
|
+ cmds += ["-W", os.environ["WAYLAND_DISPLAY"]]
|
||
|
+
|
||
|
xmodmapfile = self.__homedir + "/.xmodmap"
|
||
|
xd = open(xmodmapfile, "w")
|
||
|
try:
|
||
|
@@ -484,7 +501,12 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||
|
|
||
|
self.__setup_sandboxrc(self.__options.wm)
|
||
|
|
||
|
- cmds += ["--", SANDBOXSH, self.__options.windowsize, dpi]
|
||
|
+ if self.__options.Y_ind or self.__is_wayland_app():
|
||
|
+ WN = "yes"
|
||
|
+ else:
|
||
|
+ WN = "no"
|
||
|
+
|
||
|
+ cmds += ["--", SANDBOXSH, WN, self.__options.windowsize, dpi]
|
||
|
else:
|
||
|
cmds += ["--"] + self.__paths
|
||
|
return subprocess.Popen(cmds).wait()
|
||
|
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||
|
index c211ebc14549..e2a7ad9b2ac7 100644
|
||
|
--- a/sandbox/sandboxX.sh
|
||
|
+++ b/sandbox/sandboxX.sh
|
||
|
@@ -2,20 +2,32 @@
|
||
|
trap "" TERM
|
||
|
context=`id -Z | secon -t -l -P`
|
||
|
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
|
||
|
-[ -z $1 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$1"
|
||
|
-[ -z $2 ] && export DPI="96" || export DPI="$2"
|
||
|
+[ -z $1 ] && export WAYLAND_NATIVE="no" || export WAYLAND_NATIVE="$1"
|
||
|
+[ -z $2 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$2"
|
||
|
+[ -z $3 ] && export DPI="96" || export DPI="$3"
|
||
|
trap "exit 0" HUP
|
||
|
|
||
|
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||
|
- export DISPLAY=:$D
|
||
|
- cat > ~/seremote << __EOF
|
||
|
-#!/bin/sh
|
||
|
-DISPLAY=$DISPLAY "\$@"
|
||
|
+if [ "$WAYLAND_NATIVE" == "no" ]; then
|
||
|
+ if [ -z "$WAYLAND_DISPLAY" ]; then
|
||
|
+ DISPLAY_COMMAND='/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null'
|
||
|
+ else
|
||
|
+ DISPLAY_COMMAND='/usr/bin/Xwayland -terminate -dpi $DPI -retro -geometry $SCREENSIZE -decorate -displayfd 5 5>&1 2>/dev/null'
|
||
|
+ fi
|
||
|
+ eval $DISPLAY_COMMAND | while read D; do
|
||
|
+ export DISPLAY=:$D
|
||
|
+ cat > ~/seremote << __EOF
|
||
|
+#!/bin/bash -x
|
||
|
+export DISPLAY=$DISPLAY
|
||
|
+export WAYLAND_DISPLAY=$WAYLAND_DISPLAY
|
||
|
+"\$@"
|
||
|
__EOF
|
||
|
- chmod +x ~/seremote
|
||
|
+ chmod +x ~/seremote
|
||
|
+ /usr/share/sandbox/start $HOME/.sandboxrc
|
||
|
+ export EXITCODE=$?
|
||
|
+ kill -TERM 0
|
||
|
+ break
|
||
|
+ done
|
||
|
+else
|
||
|
/usr/share/sandbox/start $HOME/.sandboxrc
|
||
|
- export EXITCODE=$?
|
||
|
- kill -TERM 0
|
||
|
- break
|
||
|
-done
|
||
|
+fi
|
||
|
exit 0
|
||
|
--
|
||
|
2.44.0
|
||
|
|