Mount all X sockets separately

Remount /tmp/.X11-unix as tmpfs and then mount all X sockets separately.
This fixes gamescope.
Kron4ek 2022-08-27 19:12:29 +05:00
parent 71d2460e60
commit 36d01751b4


@ -43,7 +43,7 @@ mount_point="${working_dir}"/mnt
# a problem with mounting the image due to an incorrectly calculated offset. # a problem with mounting the image due to an incorrectly calculated offset.
# The size of this script # The size of this script
scriptsize=24287 scriptsize=24535
# The size of the utils archive # The size of the utils archive
utilssize=2542302 utilssize=2542302
@ -548,6 +548,7 @@ run_bwrap () {
unset unshare_net unset unshare_net
unset custom_home unset custom_home
unset non_standard_home unset non_standard_home
unset xsockets
if [ -n "${WAYLAND_DISPLAY}" ]; then if [ -n "${WAYLAND_DISPLAY}" ]; then
wayland_socket="${WAYLAND_DISPLAY}" wayland_socket="${WAYLAND_DISPLAY}"
@ -560,7 +561,6 @@ run_bwrap () {
fi fi
# Handle non-standard HOME locations # Handle non-standard HOME locations
if [ -n "${HOME}" ] && [ "$(echo "${HOME}" | head -c 6)" != "/home/" ]; then if [ -n "${HOME}" ] && [ "$(echo "${HOME}" | head -c 6)" != "/home/" ]; then
non_standard_home+=("--tmpfs" "/home" \ non_standard_home+=("--tmpfs" "/home" \
"--bind" "${HOME}" "/home/${USER}" \ "--bind" "${HOME}" "/home/${USER}" \
@ -597,10 +597,6 @@ run_bwrap () {
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
sandbox_level_msg="(level 3)" sandbox_level_msg="(level 3)"
DISABLE_NET=1 DISABLE_NET=1
sandbox_params+=("--ro-bind-try" "/tmp/.X11-unix/X${xephyr_display}" "/tmp/.X11-unix/X${xephyr_display}" \
"--setenv" "DISPLAY" ":${xephyr_display}")
else
sandbox_params+=("--ro-bind-try" "/tmp/.X11-unix" "/tmp/.X11-unix")
fi fi
show_msg "Sandbox is enabled ${sandbox_level_msg}" show_msg "Sandbox is enabled ${sandbox_level_msg}"
@ -620,11 +616,26 @@ run_bwrap () {
[ ! -d "${HOME_DIR}" ] && mkdir -p "${HOME_DIR}" [ ! -d "${HOME_DIR}" ] && mkdir -p "${HOME_DIR}"
fi fi
# Set the XAUTHORITY variable if it's missing (which is unlikely) # Set the XAUTHORITY variable if it's missing
if [ -z "${XAUTHORITY}" ]; then if [ -z "${XAUTHORITY}" ]; then
XAUTHORITY="${HOME}"/.Xauthority XAUTHORITY="${HOME}"/.Xauthority
fi fi
# Mount X server sockets and XAUTHORITY
xsockets+=("--tmpfs" "/tmp/.X11-unix")
xsockets+=("--ro-bind-try" "${XAUTHORITY}" "${XAUTHORITY}")
if [ "$(ls /tmp/.X11-unix 2>/dev/null)" ]; then
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
xsockets+=("--ro-bind-try" "/tmp/.X11-unix/X${xephyr_display}" "/tmp/.X11-unix/X${xephyr_display}" \
"--setenv" "DISPLAY" ":${xephyr_display}")
else
for s in /tmp/.X11-unix/*; do
xsockets+=("--bind-try" "${s}" "${s}")
done
fi
fi
show_msg show_msg
launch_wrapper "${bwrap}" \ launch_wrapper "${bwrap}" \
@ -651,8 +662,8 @@ run_bwrap () {
"${non_standard_home[@]}" \ "${non_standard_home[@]}" \
"${sandbox_params[@]}" \ "${sandbox_params[@]}" \
"${custom_home[@]}" \ "${custom_home[@]}" \
"${xsockets[@]}" \
${unshare_net} \ ${unshare_net} \
--ro-bind-try "${XAUTHORITY}" "${XAUTHORITY}" \
--setenv PATH "${CUSTOM_PATH}" \ --setenv PATH "${CUSTOM_PATH}" \
"$@" "$@"
} }
@ -734,7 +745,7 @@ if [ "$(ls "${mount_point}" 2>/dev/null)" ] || \
fi fi
QUIET_MODE=1 DISABLE_NET=1 SANDBOX_LEVEL=2 run_bwrap \ QUIET_MODE=1 DISABLE_NET=1 SANDBOX_LEVEL=2 run_bwrap \
--bind /tmp/.X11-unix /tmp/.X11-unix \ --bind-try /tmp/.X11-unix /tmp/.X11-unix \
Xephyr -noreset -ac -br -screen ${XEPHYR_SIZE} :${xephyr_display} &>/dev/null & sleep 1 Xephyr -noreset -ac -br -screen ${XEPHYR_SIZE} :${xephyr_display} &>/dev/null & sleep 1
xephyr_pid=$! xephyr_pid=$!
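Review bot: In the `@ -620,11 +616,26 @` hunk, the per-socket loop binds every host X socket read-write (`--bind-try`), while the level 3 branch just above it and the directory bind this commit removes both use `--ro-bind-try`. Since `/tmp/.X11-unix` is now a fresh tmpfs that the sandboxed process can already write to, the host sockets themselves probably do not need to be writable as well; if gamescope still works with it, prefer `xsockets+=("--ro-bind-try" "${s}" "${s}")`. The level 3 branch also no longer sits inside the sandbox-enabled block shown in the `@ -597,10 +597,6 @` hunk, so it appears to depend on `SANDBOX_LEVEL` alone; if `xephyr_display` can be unset on that path, it would bind `/tmp/.X11-unix/X` and set `DISPLAY` to `:`, which is worth guarding with a check on `${xephyr_display}`. `run_bwrap` starts and ends outside these hunks, so the surrounding conditions are inferred.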