From 6cd026b66e402521bf45d0b6f1a6390f75d80dd3 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Thu, 7 Nov 2024 13:17:11 +0000 Subject: [PATCH 1/4] feature: add sandboxed terminal --- .../files/_silverblue/etc/dconf/db/local.d/06-terminal | 9 +++++++++ lumina/scripts/_base/003-ptyxis-terminal.sh | 2 ++ 2 files changed, 11 insertions(+) diff --git a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal index f8f691b..0fb5cc2 100644 --- a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal +++ b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal @@ -9,3 +9,12 @@ interface-style='system' restore-session=false restore-window-size=false audible-bell=false +default-profile-uuid='6bda7952f77dc37991e6318f667fbe69' + +[/org/gnome/Ptyxis/Profiles/6bda7952f77dc37991e6318f667fbe69] +label='Host' + +[/org/gnome/Ptyxis/Profiles/7632d7d21032d8c3bf7aa2ec672cbb04] +label='Sandbox' +use-custom-command=true +custom-command='/usr/bin/podmansh' diff --git a/lumina/scripts/_base/003-ptyxis-terminal.sh b/lumina/scripts/_base/003-ptyxis-terminal.sh index 831fc44..e5cd4b1 100644 --- a/lumina/scripts/_base/003-ptyxis-terminal.sh +++ b/lumina/scripts/_base/003-ptyxis-terminal.sh @@ -9,3 +9,5 @@ if [[ "$FEDORA_VERSION" == "40" ]]; then # Install the package rpm-ostree install ptyxis fi + +rpm-ostree install podmansh From 8c11a39c78fd1c65e74a9f54b1c76d5a0f96dc64 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Thu, 7 Nov 2024 14:01:58 +0000 Subject: [PATCH 2/4] chore: only install podmansh --- .../files/_silverblue/etc/dconf/db/local.d/06-terminal | 9 --------- 1 file changed, 9 deletions(-) diff --git a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal index 0fb5cc2..f8f691b 100644 --- a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal +++ b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal @@ -9,12 +9,3 @@ interface-style='system' restore-session=false restore-window-size=false audible-bell=false -default-profile-uuid='6bda7952f77dc37991e6318f667fbe69' - -[/org/gnome/Ptyxis/Profiles/6bda7952f77dc37991e6318f667fbe69] -label='Host' - -[/org/gnome/Ptyxis/Profiles/7632d7d21032d8c3bf7aa2ec672cbb04] -label='Sandbox' -use-custom-command=true -custom-command='/usr/bin/podmansh' From 90c3b963a2bf7958c945cdc3204c2bf0c27ef2b0 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Sun, 1 Dec 2024 02:11:17 +0000 Subject: [PATCH 3/4] chore: add podmansh quadlet --- .../systemd/users/podmansh.container | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 lumina/files/_base/etc/containers/systemd/users/podmansh.container diff --git a/lumina/files/_base/etc/containers/systemd/users/podmansh.container b/lumina/files/_base/etc/containers/systemd/users/podmansh.container new file mode 100644 index 0000000..2405069 --- /dev/null +++ b/lumina/files/_base/etc/containers/systemd/users/podmansh.container @@ -0,0 +1,18 @@ +[Unit] +Description=The podmansh container +After=local-fs.target + +[Container] +Image=docker.io/library/fedora:latest +ContainerName=podmansh +RemapUsers=keep-id +RunInit=yes + +Volume=%h/sandbox:%h:Z +Exec=sleep infinity + +[Service] +ExecStartPre=/usr/bin/mkdir -p %h/sandbox + +[Install] +RequiredBy=default.target From d6a2c2780f18f6302868b84be5f1555296a2ebbe Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Sun, 1 Dec 2024 02:17:50 +0000 Subject: [PATCH 4/4] chore: add ptyxis sandbox profile --- .../files/_silverblue/etc/dconf/db/local.d/06-terminal | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal index f8f691b..0fb5cc2 100644 --- a/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal +++ b/lumina/files/_silverblue/etc/dconf/db/local.d/06-terminal @@ -9,3 +9,12 @@ interface-style='system' restore-session=false restore-window-size=false audible-bell=false +default-profile-uuid='6bda7952f77dc37991e6318f667fbe69' + +[/org/gnome/Ptyxis/Profiles/6bda7952f77dc37991e6318f667fbe69] +label='Host' + +[/org/gnome/Ptyxis/Profiles/7632d7d21032d8c3bf7aa2ec672cbb04] +label='Sandbox' +use-custom-command=true +custom-command='/usr/bin/podmansh'