hakurei/internal/app/spwayland.go

package app

import (
	"os"

	"hakurei.app/container"
	"hakurei.app/hst"
	"hakurei.app/system/acl"
	"hakurei.app/system/wayland"
)

// spWaylandOp exports the Wayland display server to the container.
type spWaylandOp struct {
	// Path to host wayland socket. Populated during toSystem if DirectWayland is true.
	SocketPath *container.Absolute

	// Address to write the security-context-v1 synchronisation fd [os.File] address to.
	// Only populated for toSystem.
	sync **os.File
}

func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
	// outer wayland socket (usually `/run/user/%d/wayland-%d`)
	var socketPath *container.Absolute
	if name, ok := state.k.lookupEnv(wayland.WaylandDisplay); !ok {
		state.msg.Verbose(wayland.WaylandDisplay + " is not set, assuming " + wayland.FallbackName)
		socketPath = state.sc.RuntimePath.Append(wayland.FallbackName)
	} else if a, err := container.NewAbs(name); err != nil {
		socketPath = state.sc.RuntimePath.Append(name)
	} else {
		socketPath = a
	}

	if !config.DirectWayland { // set up security-context-v1
		appID := config.ID
		if appID == "" {
			// use instance ID in case app id is not set
			appID = "app.hakurei." + state.id.String()
		}
		// downstream socket paths
		state.sys.Wayland(s.sync, state.instance().Append("wayland"), socketPath, appID, state.id.String())
	} else { // bind mount wayland socket (insecure)
		state.msg.Verbose("direct wayland access, PROCEED WITH CAUTION")
		state.ensureRuntimeDir()
		s.SocketPath = socketPath
		state.sys.UpdatePermType(hst.EWayland, socketPath, acl.Read, acl.Write, acl.Execute)
	}
	return nil
}

func (s *spWaylandOp) toContainer(state *outcomeStateParams) error {
	innerPath := state.runtimeDir.Append(wayland.FallbackName)
	state.env[wayland.WaylandDisplay] = wayland.FallbackName
	if s.SocketPath == nil {
		state.params.Bind(state.instancePath().Append("wayland"), innerPath, 0)
	} else {
		state.params.Bind(s.SocketPath, innerPath, 0)
	}
	return nil
}