WIP: sandbox use bwrap and XWayland

sandbox/sandbox

@@ -269,6 +269,11 @@ class Sandbox:
             copyfile(f, homedir, self.__homedir)
             copyfile(f, "/tmp", self.__tmpdir)
             copyfile(f, "/var/tmp", self.__tmpdir)
+            # copyfile(f, "/run/user/1000", self.__runuserdir)
+            # os.system("sudo mount --bind /run/user/1000/wayland-1 " + self.__runuserdir + "/wayland-1")
+            # os.system("sudo mount --bind /run/user/1000/wayland-1 " + self.__runuserdir + "")
+            # print(self.__runuserdir)
+            # os.system("ls "+self.__runuserdir + " /run/user/1000")
 
     def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
         execfile = self.__homedir + "/.sandboxrc"
@@ -462,7 +467,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
 
     def __execute(self):
         try:
-            cmds = [SEUNSHARE, "-Z", self.__execcon]
+            cmds = [SEUNSHARE, "-v", "-Z", self.__execcon]
             if self.__options.usecaps:
                 cmds.append('-C')
             if self.__mount:
@@ -487,6 +492,21 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
                     cmds += ["--", SANDBOXSH, self.__options.windowsize, dpi]
                 else:
                     cmds += ["--"] + self.__paths
+                cmds = """/usr/bin/bwrap
+    --ro-bind / / \
+    --proc /proc \
+    --dev /dev \
+    --unshare-user \
+    --new-session \
+    --bind /home/user/sandbox/tmp /tmp \
+    --bind /tmp/.X11-unix /tmp/.X11-unix \
+    --bind /run/user/1000/wayland-1 /run/user/1000/wayland-1 \
+    """.split() + \
+                ["--exec-label", self.__execcon] + \
+                ["--bind", self.__homedir, "/home/user"] + \
+                ["--", SANDBOXSH, self.__options.windowsize, dpi]
+                print(cmds)
+
                 return subprocess.Popen(cmds).wait()
 
             pid = os.fork()

sandbox/sandboxX.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 trap "" TERM
 context=`id -Z | secon -t -l -P`
 export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
@@ -20,7 +20,11 @@ cat > ~/.config/openbox/rc.xml << EOF
 </openbox_config>
 EOF
 
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ls -a /run/user/1000
+echo $WAYLAND_DISPLAY
+
+# (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xwayland -v -v -terminate -dpi $DPI -retro -geometry $SCREENSIZE -decorate -displayfd 5 5>&1) | while read D; do
     export DISPLAY=:$D
     cat > ~/seremote << __EOF
 #!/bin/sh

sandbox/seunshare.c

@@ -765,6 +765,7 @@ int main(int argc, char **argv) {
 
 	if (child == 0) {
 		char *display = NULL;
+		char *w_display = NULL;
 		char *LANG = NULL;
 		char *RUNTIME_DIR = NULL;
 		int rc = -1;
@@ -823,6 +824,14 @@ int main(int argc, char **argv) {
 			}
 		}
 
+		/* construct a new environment */
+		if ((w_display = getenv("WAYLAND_DISPLAY")) != NULL) {
+			if ((w_display = strdup(w_display)) == NULL) {
+				perror(_("Out of memory"));
+				goto childerr;
+			}
+		}
+
 		/* construct a new environment */
 		if ((LANG = getenv("LANG")) != NULL) {
 			if ((LANG = strdup(LANG)) == NULL) {
@@ -837,6 +846,8 @@ int main(int argc, char **argv) {
 		}
 		if (display)
 			rc |= setenv("DISPLAY", display, 1);
+		if (w_display)
+			rc |= setenv("WAYLAND_DISPLAY", w_display, 1);
 		if (LANG)
 			rc |= setenv("LANG", LANG, 1);
 		if (RUNTIME_DIR)