vrdhn · September 11, 2025 08:41
diff --git a/bwrap-foot.sh b/bwrap-foot.sh
 #!/bin/bash

 # Get the real home directory path
 REAL_HOME="$HOME"
 SANDBOX_HOME="$REAL_HOME/SANDBOX"

 # Create sandbox directory if it doesn't exist
 mkdir -p "$SANDBOX_HOME"

 # Ensure necessary directories exist in sandbox
 mkdir -p "$SANDBOX_HOME"/.config
 mkdir -p "$SANDBOX_HOME"/.cache
 mkdir -p "$SANDBOX_HOME"/.local/share

 # Create new HOME inside sandbox
 NEW_HOME="/home/$(whoami)"

 # Docker VOLUMES ...
 VOL=/home/$(whoami)/VOLUMES


 export VOL

 exec bwrap										\
    --ro-bind / /									\
    --dev /dev										\
    --dev-bind /dev/kvm /dev/kvm							\
    --dev-bind /dev/bus /dev/bus							\
    --dev-bind /dev/dri /dev/dri							\
    --proc /proc									\
    --tmpfs /tmp									\
    --tmpfs /var/tmp									\
    --tmpfs /home									\
    --bind "$SANDBOX_HOME" "$NEW_HOME"							\
    --bind "$VOL" "$VOL"								\
    --bind-try "$XDG_RUNTIME_DIR" "$XDG_RUNTIME_DIR"					\
    --bind-try "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"	\
    --bind-try "$XDG_RUNTIME_DIR/ssh-agent.socket" "$XDG_RUNTIME_DIR/ssh-agent.socket"	\
    --ro-bind-try "$SSH_AUTH_SOCK" "$SSH_AUTH_SOCK"					\
    --setenv HOME "$NEW_HOME"								\
    --setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR"						\
    --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY"						\
    --setenv SSH_AUTH_SOCK "$SSH_AUTH_SOCK"						\
    --unshare-all									\
    --share-net										\
    --die-with-parent									\
    foot "$@"
	#!/bin/bash

	# Get the real home directory path
	REAL_HOME="$HOME"
	SANDBOX_HOME="$REAL_HOME/SANDBOX"

	# Create sandbox directory if it doesn't exist
	mkdir -p "$SANDBOX_HOME"

	# Ensure necessary directories exist in sandbox
	mkdir -p "$SANDBOX_HOME"/.config
	mkdir -p "$SANDBOX_HOME"/.cache
	mkdir -p "$SANDBOX_HOME"/.local/share

	# Create new HOME inside sandbox
	NEW_HOME="/home/$(whoami)"

	# Docker VOLUMES ...
	VOL=/home/$(whoami)/VOLUMES


	export VOL

	exec bwrap \
	--ro-bind / / \
	--dev /dev \
	--dev-bind /dev/kvm /dev/kvm \
	--dev-bind /dev/bus /dev/bus \
	--dev-bind /dev/dri /dev/dri \
	--proc /proc \
	--tmpfs /tmp \
	--tmpfs /var/tmp \
	--tmpfs /home \
	--bind "$SANDBOX_HOME" "$NEW_HOME" \
	--bind "$VOL" "$VOL" \
	--bind-try "$XDG_RUNTIME_DIR" "$XDG_RUNTIME_DIR" \
	--bind-try "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \
	--bind-try "$XDG_RUNTIME_DIR/ssh-agent.socket" "$XDG_RUNTIME_DIR/ssh-agent.socket" \
	--ro-bind-try "$SSH_AUTH_SOCK" "$SSH_AUTH_SOCK" \
	--setenv HOME "$NEW_HOME" \
	--setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \
	--setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \
	--setenv SSH_AUTH_SOCK "$SSH_AUTH_SOCK" \
	--unshare-all \
	--share-net \
	--die-with-parent \
	foot "$@"