js/Bubblewine
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Bubblewine/bubblewine
Jonathan Schleifer a4e64772d6
Fix brainfart
2021-08-06 23:31:22 +02:00

96 lines
3.4 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/sh
#
# Copyright (c) 2021 Jonathan Schleifer <js@nil.im>
#
# https://github.com/Midar/bubblewine
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice is present in all copies.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
set -eu
if ! type bwrap >/dev/null 2>&1; then
echo "You don't have bubblewrap installed." 1>&2
echo "Please install bubblewrap." 1>&2
exit 1
fi
# Create the wine prefix outside the sandbox. For some reason, it hangs when
# creating it inside the sandbox.
if [ ! -d "$HOME/.bubblewine" ]; then
WINEPREFIX="$HOME/.bubblewine" wineboot
WINEPREFIX="$HOME/.bubblewine" wineserver -k
fi
# Rather than pass in all X11 sockets by allowing abstract sockets, only pass
# in the socket actually being used. This increases security when using a
# separate X11 for wine.
#
# WARNING: Running wine on an X11 that has other things open (a terminal, a
# desktop environment, etc.) that allows to start things outside of
# the sandbox is very probably a sandbox escape! The fix is obviously
# to migrate to Wayland and put X11 to its well deserved grave, but
# as an interim solution, a separate X11 can be used.
xsocket="/tmp/.X11-unix/X${DISPLAY#:}"
ro_binds=""
# Handle various wrapper scripts around wine that some distros have.
if head -1 $(which wine) | grep -F '/bin/sh' >/dev/null 2>&1; then
ro_binds="$ro_binds --ro-bind /bin/sh /bin/sh"
fi
if head -1 $(which wine) | grep -F '/bin/bash' >/dev/null 2>&1; then
ro_binds="$ro_binds --ro-bind /bin/bash /bin/bash"
fi
ro_bind_if_exists() {
if [ -e "$1" ]; then
ro_binds="$ro_binds --ro-bind $1 $1"
fi
}
ro_bind_if_exists /usr/bin/wine32
ro_bind_if_exists /usr/bin/wine64
ro_bind_if_exists /usr/bin/wine-preloader
ro_bind_if_exists /usr/bin/wine32-preloader
ro_bind_if_exists /usr/bin/wine64-preloader
ro_bind_if_exists /usr/bin/wineserver32
ro_bind_if_exists /usr/bin/wineserver64
ro_bind_if_exists /usr/lib64
bwrap \
--unshare-user \
--unshare-ipc \
--unshare-pid \
--unshare-net \
--unshare-uts \
--unshare-cgroup \
--new-session \
--die-with-parent \
--ro-bind /usr/bin/wine /usr/bin/wine \
--ro-bind /usr/bin/wineserver /usr/bin/wineserver \
--ro-bind /usr/lib /usr/lib \
--ro-bind /usr/share/wine /usr/share/wine \
$ro_binds \
--symlink usr/lib /lib \
--symlink usr/lib64 /lib64 \
--proc /proc \
--tmpfs /tmp \
--bind "$HOME/.bubblewine" /wineprefix \
--bind "$xsocket" "$xsocket" \
--setenv WINEPREFIX /wineprefix \
wine "$@"
Reference in a new issue View git blame Copy permalink