From 1a8a19e6286aa58c5a46f03882f8f09e54456051 Mon Sep 17 00:00:00 2001
From: sommerfeld
Date: Fri, 29 May 2026 11:18:12 +0100
Subject: feat(sandbox): bwrap wrappers for mpv, yt-dlp, streamlink
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These three tools are the native (non-flatpak) network parsers in the install set — every other internet-facing app is already flatpak'd. The threat model is an RCE in a subtitle/extractor/muxer that walks $HOME looking for SSH keys, GPG keyring, pass store, cloud tokens, etc.

Approach (defence in depth, not full sandboxing):

- bwrap --bind / / keeps Wayland, PipeWire, DBus, GPU, hwaccel and all config files working transparently.
- --tmpfs over known-sensitive dirs (.ssh, .gnupg, .password-store, .config/gh, .config/op, .aws, .local/share/keyrings) blanks them from the sandbox view; a compromised parser literally cannot see them.
- inner PATH stripped of ~/.local/bin so streamlink's spawn of `mpv` resolves to /usr/bin/mpv and does not re-enter the sandbox.
- --die-with-parent + --new-session for tidy lifecycle.
- Escape hatch: SANDBOX=0 mpv ... bypasses for one invocation.
- Graceful degradation if bwrap is missing (warns and execs anyway).

bubblewrap added explicitly to meta/base.txt (was implicit via flatpak).

Wrappers in ~/.local/bin shadow /usr/bin via dot_zprofile:15 PATH order. Not symlinked into the Ubuntu VM (nix/vm.nix does not touch ~/.local/bin), which is fine: those tools on the headless VM don't need sandboxing.
---
 dot_local/bin/executable_yt-dlp | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 dot_local/bin/executable_yt-dlp

(limited to 'dot_local/bin/executable_yt-dlp')

diff --git a/dot_local/bin/executable_yt-dlp b/dot_local/bin/executable_yt-dlp
new file mode 100644
index 0000000..3298e3f
--- /dev/null
+++ b/dot_local/bin/executable_yt-dlp
@@ -0,0 +1,4 @@ +#!/usr/bin/env sh +# Thin wrapper: run /usr/bin/yt-dlp inside _sandbox-net-parser. See that +# script for the threat model and the SANDBOX=0 escape hatch. +exec _sandbox-net-parser /usr/bin/yt-dlp "$@" -- cgit v1.3.1
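Review bot: the last line of the hunk, `exec _sandbox-net-parser /usr/bin/yt-dlp "$@"`, resolves the sandbox helper through PATH, so whatever sits earlier in the caller's PATH decides whether yt-dlp actually ends up behind bwrap; since the wrapper and the helper both live in ~/.local/bin, an absolute or `$0`-relative reference such as `exec "$(dirname "$0")/_sandbox-net-parser" /usr/bin/yt-dlp "$@"` pins the entry point and costs nothing. A second, smaller point: /usr/bin/yt-dlp is hardcoded with no existence check, so a yt-dlp installed elsewhere (for example by pip into ~/.local/bin) surfaces only as a generic exec failure from inside the sandbox; a guard like `[ -x /usr/bin/yt-dlp ] || { echo "yt-dlp: /usr/bin/yt-dlp not found" >&2; exit 127; }` before the exec makes that case diagnosable, and a one-line comment noting that the helper provides the bwrap-missing fallback would save a reader from looking for it here.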