monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

fix: make xdg_runtime_dir writable for desktop application
Some checks failed
Build and test / Lint (push) Failing after 1m7s
Details
Build and test / Test (Linux) (push) Failing after 29s
Details
Build and test / Build (push) Successful in 14s
Details

Browse Source
This commit is contained in:
Mathieu Virbel
2026-02-22 12:04:01 -06:00
parent 2061dfe63b
commit ed6517cc24
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/sandbox/linux.go
View File

@@ -681,6 +681,14 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, proxyBridge
bwrapArgs = append(bwrapArgs, "--bind", cwd, cwd) bwrapArgs = append(bwrapArgs, "--bind", cwd, cwd)
} }
// Make XDG_RUNTIME_DIR writable so dconf and other runtime services
// (Wayland, PulseAudio, D-Bus) work inside the sandbox.
// Writes to /run/ are already filtered out by the learning parser.
xdgRuntime := os.Getenv("XDG_RUNTIME_DIR")
if xdgRuntime != "" && fileExists(xdgRuntime) {
bwrapArgs = append(bwrapArgs, "--bind", xdgRuntime, xdgRuntime)
}
} }
defaultDenyRead := cfg != nil && cfg.Filesystem.IsDefaultDenyRead() defaultDenyRead := cfg != nil && cfg.Filesystem.IsDefaultDenyRead()