bwrap-helper: Do not filter dbus socket

This is not ideal security-wise, but it is the only way to protect my sanity
from whatever Steam and some of my games try to do with the D-Bus socket.
Simon Bruder 2021-01-09 12:53:34 +01:00
parent 39742c8fbd
commit 73f4c7080b
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
2 changed files with 2 additions and 25 deletions


@ -5,7 +5,6 @@ import argparse
import os
import shutil
import subprocess
import time
def flat_map(f, iterable):
@ -139,8 +138,7 @@ argument_groups = {
]),
]),
"dbus": (False, [
*ro_bind(tmp_file("dbus"), "/run/dbus/system_bus_socket"),
"--unsetenv", "DBUS_SESSION_BUS_ADDRESS",
*ro_bind("/run/dbus/system_bus_socket"),
*ro_bind(generate_tmp_file("machine-id", "0" * 32), "/etc/machine-id"),
]),
"new-session": (True, [
@ -202,27 +200,7 @@ if args.show_cmdline:
assembled_args.append(args.program)
assembled_args.extend(args.args)
children = []
if args.dbus:
children.append(
subprocess.Popen(
[
"xdg-dbus-proxy",
os.getenv("DBUS_SESSION_BUS_ADDRESS"),
tmp_file("dbus"),
"--filter"
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
)
while not os.path.exists(tmp_file("dbus")):
time.sleep(0.1)
try:
subprocess.run(assembled_args)
finally:
shutil.rmtree(tmp_file(None))
for child in children:
child.terminate()
child.wait()
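Review bot: The `"dbus"` group now appears to bind the host's `/run/dbus/system_bus_socket` straight into the sandbox (the +/- markers are lost in this rendering, so this reading rests on the commit title and the removed `xdg-dbus-proxy` dependency), and no comment at the group says what that exposes. Assuming `ro_bind` emits bubblewrap's `--ro-bind`, the read-only mount does not stop a process from connecting to the socket, so the sandboxed program can talk to every system-bus service the host's bus policy permits. The removed proxy forwarded `DBUS_SESSION_BUS_ADDRESS`, not the system bus, so the option's meaning has changed as well as its filtering. I would put a comment above the group such as `# unfiltered host system bus: ro-bind does not restrict D-Bus calls, enable only for trusted programs`. The `argument_groups` dict starts and ends outside the hunk, so whether the session bus is also reachable depends on binds not shown here.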


@ -1,4 +1,4 @@
{ bubblewrap, lib, makeWrapper, python3, stdenvNoCC, xdg-dbus-proxy }:
{ bubblewrap, lib, makeWrapper, python3, stdenvNoCC }:
stdenvNoCC.mkDerivation rec {
name = "bwrap-helper";
@ -11,7 +11,6 @@ stdenvNoCC.mkDerivation rec {
buildInputs = [
bubblewrap
python3
xdg-dbus-proxy
];
dontUnpack = true;