From d37dcff2fcb7639abd3ffbfc420546791511b17d Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Sat, 12 Oct 2024 22:55:53 +0900
Subject: [PATCH] app/seal: allow GPU access in permissive default when either
 X11/Wayland is enabled

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 internal/app/seal.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/app/seal.go b/internal/app/seal.go
index ad16663..4a211db 100644
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -158,6 +158,10 @@ func (a *app) Seal(config *Config) error {
 			}
 			conf.Filesystem = append(conf.Filesystem, b...)
 		}
+		// bind GPU stuff
+		if config.Confinement.Enablements.Has(state.EnableX) || config.Confinement.Enablements.Has(state.EnableWayland) {
+			conf.Filesystem = append(conf.Filesystem, &FilesystemConfig{Src: "/dev/dri", Device: true})
+		}
 		config.Confinement.Sandbox = conf
 	}
 	seal.sys.bwrap = config.Confinement.Sandbox.Bwrap()