From ed6517cc24dd61e551c140ae73e6eb3337c62513 Mon Sep 17 00:00:00 2001
From: Mathieu Virbel
Date: Sun, 22 Feb 2026 12:04:01 -0600
Subject: [PATCH] fix: make xdg_runtime_dir writable for desktop application
---
 internal/sandbox/linux.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/internal/sandbox/linux.go b/internal/sandbox/linux.go
index 23be2c2..3db289d 100644
--- a/internal/sandbox/linux.go
+++ b/internal/sandbox/linux.go
@@ -681,6 +681,14 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, proxyBridge
 bwrapArgs = append(bwrapArgs, "--bind", cwd, cwd)
 }
 
+ // Make XDG_RUNTIME_DIR writable so dconf and other runtime services
+ // (Wayland, PulseAudio, D-Bus) work inside the sandbox.
+ // Writes to /run/ are already filtered out by the learning parser.
+ xdgRuntime := os.Getenv("XDG_RUNTIME_DIR")
+ if xdgRuntime != "" && fileExists(xdgRuntime) {
+ bwrapArgs = append(bwrapArgs, "--bind", xdgRuntime, xdgRuntime)
+ }
+
 }
 
 defaultDenyRead := cfg != nil && cfg.Filesystem.IsDefaultDenyRead()
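Review bot: The new `--bind` of `xdgRuntime` mounts whatever path `XDG_RUNTIME_DIR` names read-write, guarded only by a non-empty check and `fileExists`, so an environment value pointing at `$HOME` or any other directory becomes a writable mount that the rest of the filesystem policy did not intend. Even with the expected `/run/user/<uid>` value the whole directory is exposed, and it usually holds the D-Bus session socket, the systemd user-instance socket and agent sockets (gpg, keyring), so the sandboxed command gains a channel to unsandboxed services; the comment about the learning parser covers what gets recorded, not what is reachable. I would tighten the guard, e.g. `if xdgRuntime == filepath.Join("/run/user", strconv.Itoa(os.Getuid())) && fileExists(xdgRuntime) {` (needs `path/filepath` and `strconv` if the file does not already import them), and consider gating the bind behind an explicit config option or binding only the sockets desktop applications need. The enclosing block and WrapCommandLinuxWithOptions both start outside this hunk, so the condition under which this bind runs is not visible here.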