mirror of
https://github.com/Kron4ek/Conty
synced 2024-12-27 09:58:25 +01:00
Properly handle spaces for all bwrap parameters
Use bash arrays instead of just variables to properly handle spaces.
This commit is contained in:
Kron4ek
parent
ea3a106654
commit
c186b86cbd
1 changed files with 27 additions and 31 deletions
|
|
@ -12,7 +12,7 @@ if [ $EUID = 0 ] && [ -z "$ALLOW_ROOT" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
script_version="1.20"
|
script_version="1.21"
|
||||||
|
|
||||||
# Full path to the script
|
# Full path to the script
|
||||||
script_literal="${BASH_SOURCE[0]}"
|
script_literal="${BASH_SOURCE[0]}"
|
||||||
|
|
@ -43,7 +43,7 @@ mount_point="${working_dir}"/mnt
|
||||||
# a problem with mounting the image due to an incorrectly calculated offset.
|
# a problem with mounting the image due to an incorrectly calculated offset.
|
||||||
|
|
||||||
# The size of this script
|
# The size of this script
|
||||||
scriptsize=24207
|
scriptsize=23929
|
||||||
|
|
||||||
# The size of the utils archive
|
# The size of the utils archive
|
||||||
utilssize=2542302
|
utilssize=2542302
|
||||||
|
|
@ -559,43 +559,39 @@ run_bwrap () {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${SANDBOX}" = 1 ]; then
|
if [ "${SANDBOX}" = 1 ]; then
|
||||||
sandbox_params="--tmpfs /home \
|
sandbox_params+=("--tmpfs" "/home" \
|
||||||
--dir ${HOME} \
|
"--tmpfs" "/opt" \
|
||||||
--tmpfs /opt \
|
"--tmpfs" "/mnt" \
|
||||||
--tmpfs /mnt \
|
"--tmpfs" "/media" \
|
||||||
--tmpfs /media \
|
"--tmpfs" "/var" \
|
||||||
--tmpfs /var \
|
"--tmpfs" "/run" \
|
||||||
--tmpfs /run \
|
"--symlink" "/run" "/var/run" \
|
||||||
--symlink /run /var/run \
|
"--tmpfs" "/tmp" \
|
||||||
--tmpfs /tmp \
|
"--dir" "${HOME}" \
|
||||||
--new-session"
|
"--new-session")
|
||||||
|
|
||||||
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 2 ]; then
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 2 ]; then
|
||||||
sandbox_level_msg="(level 2)"
|
sandbox_level_msg="(level 2)"
|
||||||
sandbox_params="${sandbox_params} \
|
sandbox_params+=("--dir" "${XDG_RUNTIME_DIR}" \
|
||||||
--dir ${XDG_RUNTIME_DIR} \
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/${wayland_socket} "${XDG_RUNTIME_DIR}"/${wayland_socket} \
|
||||||
--ro-bind-try ${XDG_RUNTIME_DIR}/${wayland_socket} ${XDG_RUNTIME_DIR}/${wayland_socket} \
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/pulse "${XDG_RUNTIME_DIR}"/pulse \
|
||||||
--ro-bind-try ${XDG_RUNTIME_DIR}/pulse ${XDG_RUNTIME_DIR}/pulse \
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/pipewire-0 "${XDG_RUNTIME_DIR}"/pipewire-0 \
|
||||||
--ro-bind-try ${XDG_RUNTIME_DIR}/pipewire-0 ${XDG_RUNTIME_DIR}/pipewire-0 \
|
"--unshare-pid" \
|
||||||
--unshare-pid \
|
"--unshare-user-try" \
|
||||||
--unshare-user-try \
|
"--unsetenv" "DBUS_SESSION_BUS_ADDRESS")
|
||||||
--unsetenv DBUS_SESSION_BUS_ADDRESS"
|
|
||||||
else
|
else
|
||||||
sandbox_level_msg="(level 1)"
|
sandbox_level_msg="(level 1)"
|
||||||
sandbox_params="${sandbox_params} \
|
sandbox_params+=("--bind-try" "${XDG_RUNTIME_DIR}" "${XDG_RUNTIME_DIR}" \
|
||||||
--bind-try ${XDG_RUNTIME_DIR} ${XDG_RUNTIME_DIR} \
|
"--bind-try" "/run/dbus" "/run/dbus")
|
||||||
--bind-try /run/dbus /run/dbus"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
||||||
sandbox_level_msg="(level 3)"
|
sandbox_level_msg="(level 3)"
|
||||||
DISABLE_NET=1
|
DISABLE_NET=1
|
||||||
sandbox_params="${sandbox_params} \
|
sandbox_params+=("--ro-bind-try" "/tmp/.X11-unix/X${xephyr_display}" "/tmp/.X11-unix/X${xephyr_display}" \
|
||||||
--ro-bind-try /tmp/.X11-unix/X${xephyr_display} /tmp/.X11-unix/X${xephyr_display} \
|
"--setenv" "DISPLAY" ":${xephyr_display}")
|
||||||
--setenv DISPLAY :${xephyr_display}"
|
|
||||||
else
|
else
|
||||||
sandbox_params="${sandbox_params} \
|
sandbox_params+=("--ro-bind-try" "/tmp/.X11-unix" "/tmp/.X11-unix")
|
||||||
--ro-bind-try /tmp/.X11-unix /tmp/.X11-unix"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
show_msg "Sandbox is enabled ${sandbox_level_msg}"
|
show_msg "Sandbox is enabled ${sandbox_level_msg}"
|
||||||
|
|
@ -610,7 +606,7 @@ run_bwrap () {
|
||||||
if [ -n "${HOME_DIR}" ]; then
|
if [ -n "${HOME_DIR}" ]; then
|
||||||
show_msg "Set home directory to ${HOME_DIR}"
|
show_msg "Set home directory to ${HOME_DIR}"
|
||||||
|
|
||||||
custom_home="--bind ${HOME_DIR} ${HOME}"
|
custom_home+=("--bind" "${HOME_DIR}" "${HOME}")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set the XAUTHORITY variable if it's missing (which is unlikely)
|
# Set the XAUTHORITY variable if it's missing (which is unlikely)
|
||||||
|
|
@ -641,8 +637,8 @@ run_bwrap () {
|
||||||
--ro-bind-try /etc/machine-id /etc/machine-id \
|
--ro-bind-try /etc/machine-id /etc/machine-id \
|
||||||
--ro-bind-try /etc/asound.conf /etc/asound.conf \
|
--ro-bind-try /etc/asound.conf /etc/asound.conf \
|
||||||
--ro-bind-try /etc/localtime /etc/localtime \
|
--ro-bind-try /etc/localtime /etc/localtime \
|
||||||
${sandbox_params} \
|
"${sandbox_params[@]}" \
|
||||||
${custom_home} \
|
"${custom_home[@]}" \
|
||||||
${unshare_net} \
|
${unshare_net} \
|
||||||
--ro-bind-try "${XAUTHORITY}" "${XAUTHORITY}" \
|
--ro-bind-try "${XAUTHORITY}" "${XAUTHORITY}" \
|
||||||
--setenv PATH "${CUSTOM_PATH}" \
|
--setenv PATH "${CUSTOM_PATH}" \
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue