From ab0280d926d818930d0d73c1b52bb0d32e280386 Mon Sep 17 00:00:00 2001
From: igo95862
Date: Sun, 1 Sep 2024 20:09:18 +0100
Subject: [PATCH] Provide access to cpu topology by default Add read-only access to `/sys/devices/system/cpu` to BubblejailDefaults service. It looks like a lot of applications make use of it. For example, recent WINE versions do not work properly without it. Also Chromium browser also tries to use it. Steam profile already provided access to it but it looks like there is no issue binding same directory multiple times for bwrap.
---
 data/usr-share/bubblejail/profiles/steam.toml | 3 ---
 src/bubblejail/services.py | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/data/usr-share/bubblejail/profiles/steam.toml b/data/usr-share/bubblejail/profiles/steam.toml
index d220164..27f5d13 100644
--- a/data/usr-share/bubblejail/profiles/steam.toml
+++ b/data/usr-share/bubblejail/profiles/steam.toml
@@ -24,6 +24,3 @@ executable_name = "/usr/bin/steam"
 [services.network]
 [services.direct_rendering]
 [services.joystick]
-[services.root_share]
-read_only_paths = ['/sys/devices/system/cpu']
-
diff --git a/src/bubblejail/services.py b/src/bubblejail/services.py
index 8775041..2d55a87 100644
--- a/src/bubblejail/services.py
+++ b/src/bubblejail/services.py
@@ -207,6 +207,9 @@ def iter_bwrap_options(self) -> ServiceGeneratorType:
): yield DirCreate(sysfs_child, permissions=0o0755) + # CPU topology access + yield ReadOnlyBind("/sys/devices/system/cpu") + yield DirCreate(self.xdg_runtime_dir, permissions=0o700) # Bind pseudo home
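Review bot: The added `yield ReadOnlyBind("/sys/devices/system/cpu")` in `iter_bwrap_options` binds the whole host directory into every sandbox that uses the defaults service, and the comment `# CPU topology access` understates what that exposes. On typical kernels this tree also carries `vulnerabilities/` (per-issue mitigation status), `cpufreq/` and microcode version files, which is host-fingerprinting information that only the Steam profile could see before this change. I would make the comment say so, for example `# Read-only host CPU sysfs tree: topology, but also cpufreq and vulnerabilities/; needed by WINE and Chromium`. Since the bind moves from an opt-in profile entry to an unconditional default, it may be worth checking whether hardened profiles need a way to leave it out. The body of `iter_bwrap_options` starts and ends outside this hunk, so whether such a toggle already exists cannot be told from here.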