-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Wayland support #50
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rhjdvsgsgks very interesting, thank you! 👍 This will take testing against actual Wayland which so far none of my boxes have — I have X11 —, so it will take a few days.
@@ -273,14 +278,21 @@ def create_bwrap_argv(config): | |||
if config.pulseaudio: | |||
pulseaudio_socket = f'/run/user/{os.getuid()}/pulse/native' | |||
env_tasks['PULSE_SERVER'] = f'unix:{pulseaudio_socket}' | |||
mount_tasks += [MountTask(MountMode.BIND_RW, pulseaudio_socket)] | |||
mount_tasks += [MountTask(MountMode.BIND_RO, pulseaudio_socket)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this works in practice, it will be misleading because audio is read and written. So I would ask to revert this change, for the sake of clarity and realistic expectations (even before testing). We can discuss changing it more if there are good reasons but that should be a dedicated issue and or pull request then. Thank you!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
im worried about program in sandbox may able to replace and hijack the socket file if we dont ro-bind it. also ro-bind is suggested by someone else on here https://wiki.archlinux.org/title/Bubblewrap/Examples#Firefox
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
im worried about program in sandbox may able to replace and hijack the socket file if we dont ro-bind it.
@rhjdvsgsgks I cannot think of a threat model where you trust the app with audio but not with the audio socket. Please help me understand what I'm missing.
also ro-bind is suggested by someone else on here https://wiki.archlinux.org/title/Bubblewrap/Examples#Firefox
I'm not against the change, I'm against not understanding it and merging things before I understand them. Maybe it just takes playing with socket files more. Maybe there's something for me to learn about socket file permissions here.
i also changed pulseaudio_socket to use ro bind mount. because i found that it will not break anything