Skip to content

E
eepm
Switch branch/tag
Find file
Normal viewHistoryPermalink
bwrap-fix.sh 909 Bytes
Newer Older
Boris Yumankulov's avatar
epm play: move bwrap-fix to separate prescription
c28d5a16
 
Boris Yumankulov committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 
#!/bin/sh

[ "$1" != "--run" ] && echo "Enable unprivileged bubblewrap mode" && exit

. $(dirname $0)/common.sh

assure_root

[ "$(epm print info -s)" = "alt" ] || fatal "Only ALTLinux is supported"

epm install --skip-installed  sysctl-conf-userns

# https://bugzilla.altlinux.org/46690 and https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
cat <<EOL > /etc/systemd/system/check-bwrap.service
[Unit]
Description=Check and fix permissions for bwrap
Wants=check-bwrap.path

[Service]
Type=oneshot
ExecStart=/bin/bash -c "CURRENT_PERMISSIONS=\$(stat -c '%a' /usr/bin/bwrap); if [ '\$CURRENT_PERMISSIONS' != '775' ]; then chmod 0755 /usr/bin/bwrap; fi"
EOL

cat <<EOL > /etc/systemd/system/check-bwrap.path
[Unit]
Description=Watch /usr/bin/bwrap for changes

[Path]
PathModified=/usr/bin/bwrap

[Install]
WantedBy=multi-user.target
EOL

serv on check-bwrap.path
serv start check-bwrap.service