Provide access to cpu topology by default
Add read-only access to `/sys/devices/system/cpu` to BubblejailDefaults
service.

It looks like a lot of applications make use of it. For example,
recent WINE versions do not work properly without it. The Chromium
browser also tries to use it.

The Steam profile already provided access to it, but it looks like there
is no issue binding the same directory multiple times for bwrap.
igo95862 committed Sep 1, 2024
1 parent 96aa278 commit ab0280d
Showing 2 changed files with 3 additions and 3 deletions.
3 changes: 0 additions & 3 deletions data/usr-share/bubblejail/profiles/steam.toml
Expand Up @@ -24,6 +24,3 @@ executable_name = "/usr/bin/steam"
[services.network]
[services.direct_rendering]
[services.joystick]
[services.root_share]
read_only_paths = ['/sys/devices/system/cpu']
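
Review bot: Dropping the whole `[services.root_share]` table from steam.toml, rather than only its `read_only_paths` entry, is safe only if that path was the table's sole purpose, which is all the visible lines show; please confirm nothing else in the Steam profile relied on root_share being enabled. Since the commit message notes that bwrap tolerates binding the same directory more than once, it would also help to state in the message that this removal is cleanup and not a behaviour change for Steam.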

3 changes: 3 additions & 0 deletions src/bubblejail/services.py
Expand Up @@ -207,6 +207,9 @@ def iter_bwrap_options(self) -> ServiceGeneratorType:
):
yield DirCreate(sysfs_child, permissions=0o0755)

# CPU topology access
yield ReadOnlyBind("/sys/devices/system/cpu")

yield DirCreate(self.xdg_runtime_dir, permissions=0o700)

# Bind pseudo home
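
Review bot: The new `yield ReadOnlyBind("/sys/devices/system/cpu")` in iter_bwrap_options is unconditional and binds the entire cpu directory, while its comment says only "CPU topology access". That tree also holds entries such as `vulnerabilities/` and `cpufreq/`, so every sandbox that uses the defaults service now sees more host information than the comment suggests. Suggest expanding the comment to say that the full directory is exposed read-only and why (WINE and Chromium, per the commit message), and consider whether binding narrower subpaths or offering an opt-out would still satisfy those applications.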