
Refine default options regarding /{dev,proc,sys}.

Xavier G authored on 26/02/2016 17:33:17
Showing 2 changed files

... ...
@@ -1,8 +1,3 @@
1 1
 - Make the proot'ing configurable (typically via a configuration file, e.g.
2 2
   ~/.config/prooties/browser-wrapper.<browser>.conf
3 3
 - If needed, rewrite in Perl instead of bash
4
-- Keep improving the default options:
5
-  - Flash needs additional paths to retain its configuration
6
-  - Java ought to be tested. Damn. That one surely is a call for procrastination.
7
-  - What about /proc? /proc/sys?
8
-  - What about /dev?
... ...
@@ -45,12 +45,14 @@ if [ -x "$(which proot)" ]; then
45 45
 	home_dir="/run/user/$(id -u)/home.$$"
46 46
 	# Directory to replace /tmp
47 47
 	tmp_dir="/run/user/$(id -u)/tmp.$$"
48
+	# Empty dir to replace /dev
49
+	dev_dir="/run/user/$(id -u)/dev.$$"
48 50
 	# Directory for uploads
49 51
 	upload_dir="${HOME}/Uploads"
50 52
 	# Directory for downloads
51 53
 	download_dir="${HOME}/Downloads"
52 54
 
53
-	for directory in {home,tmp,{up,down}load}_dir; do
55
+	for directory in {home,tmp,{up,down}load,dev}_dir; do
54 56
 		mk_dir "${!directory}" 0700
55 57
 	done
56 58
 
... ...
@@ -75,6 +77,14 @@ if [ -x "$(which proot)" ]; then
75 77
 	#     (assuming IcedTea-Web >= 1.5 / OpenJDK)
76 78
 	#   - /tmp is empty
77 79
 	#     (as in: do not even try to mess with the Unix sockets to ssh-agent)
80
+	#   - /sys is simply absent
81
+	#     (Firefox tries to reach various things under /sys/devices/system/ but
82
+	#     seems to cope without it)
83
+	#   - /proc is still there, unless you want to hit that very detailed error:
84
+	#       too much recursion
85
+	#   - /proc/sys is still there, unless you want to hit that charming error:
86
+	#       FATAL: error reading `/proc/sys/crypto/fips_enabled' in libgcrypt: Not a directory
87
+	#   - /dev is present yet minimalist
78 88
 	proot \
79 89
 		-b "${home_dir}:${HOME}" \
80 90
 		-b "${HOME}/.mozilla/firefox:${HOME}/.mozilla/firefox" \
... ...
@@ -89,6 +99,10 @@ if [ -x "$(which proot)" ]; then
89 99
 		-b "${HOME}/.local/share/applications/javaws:${HOME}/.local/share/application/javaws" \
90 100
 		-b "${tmp_dir}:/tmp" \
91 101
 		-b "/dev/null:/sys" \
102
+		-b "${dev_dir}:/dev" \
103
+		-b "/dev/null:/dev/null" \
104
+		-b "/dev/random:/dev/random" \
105
+		-b "/dev/urandom:/dev/urandom" \
92 106
 		--cwd="${HOME}" \
93 107
 		"${browser_path}" "$@"
94 108
 else
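Review bot: The comment block added ahead of the `proot` call (new lines 80–87) records why /proc and /proc/sys stay visible, but not what that costs. With /proc left whole, the browser can still read the per-process entries (command line, environment, open-file links) of every other process owned by the same user, which partly undoes the care taken to hide $HOME and the ssh-agent sockets in /tmp. I would say so next to the rationale, e.g. `#     (caveat: /proc still exposes cmdline/environ/fd of all processes of this user; known gap, kept only because the browser fails without it)`. Separately, `dev_dir` joins the other `.$$` directories under /run/user and no cleanup for any of them is visible in these hunks, so it is worth checking that an exit path removes it. The enclosing `if [ -x "$(which proot)" ]` block starts before and ends after the lines shown.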