WIP Android-style application sandbox for Linux desktop applications.
Ophestra Umiker 09507a541b
nix: build directly with buildGoModules
Since we have no dependencies, we don't need a vendor hash, so doing this actually makes sense.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 21:54:44 +09:00
.gitea/workflows workflows: add release workflow 2024-07-15 23:47:08 +09:00
.gitignore cli: parse and resolve flags 2024-07-09 15:39:40 +09:00
LICENSE apply MIT license 2024-07-16 20:49:00 +09:00
README.md adapt README document 2024-07-16 21:33:31 +09:00
acl.go acl: fix memory leak in removeEntry 2024-07-15 12:40:29 +09:00
cli.go main: implement sudo and machinectl launcher methods 2024-07-15 23:29:21 +09:00
flake.lock nix: set up devShell 2024-07-11 01:10:35 +09:00
flake.nix nix: build directly with buildGoModules 2024-07-16 21:54:44 +09:00
go.mod cli: parse and resolve flags 2024-07-09 15:39:40 +09:00
launcher.go launcher: implement launcher wrapper 2024-07-15 22:56:50 +09:00
main.go state: track launcher states in runDir and clean up before exit 2024-07-16 14:19:43 +09:00
state.go state: track launcher states in runDir and clean up before exit 2024-07-16 14:19:43 +09:00
util.go util: PulseAudio cookie discovery 2024-07-15 16:25:44 +09:00
x11.go x11: wrap libxcb ChangeHosts request 2024-07-14 18:31:53 +09:00

README.md

ego (the Go side)


Do all your games need access to your documents, browser history, SSH private keys?

... No? Just run ego steam!

Ego is a tool to run Linux desktop applications under a different local user. It currently integrates with Wayland, Xorg, PulseAudio and xdg-desktop-portal. You may think of it as xhost for Wayland and PulseAudio. This is done using filesystem ACLs and X11 host access control.

Disclaimer: DO NOT RUN UNTRUSTED PROGRAMS VIA EGO. However, using ego is more secure than running applications directly under your primary user.

Differences

  • Written in Go
  • Tracks process states
  • Cleans up after last process exits
  • Argv preservation in machinectl mode
  • Has no dependencies other than the two C libraries
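The ACL half of the mechanism described above, as an added example that is not ego's own code (ego drives libacl through cgo, which is why the C libraries are listed as requirements): this pure-Go snippet builds, encodes, audits and revokes the `system.posix_acl_access` value the kernel stores when a second local user such as the `ego` account is granted access to a 0700 runtime directory, and the revoke step is the kind of cleanup the list above refers to. The layout and tag values are the kernel's (linux/posix_acl_xattr.h, linux/posix_acl.h); the function names are my own, uid 155 comes from the setup steps below, and it assumes Linux.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"syscall"
)

// Wire format and tag values from linux/posix_acl_xattr.h and linux/posix_acl.h. tagUser is the
// named-user entry a launcher adds; a tagMask entry must accompany it and caps its effective rights.
const (
	aclXattr, aclVersion, undefinedID = "system.posix_acl_access", 0x0002, 0xffffffff
	tagUserObj, tagUser, tagGroupObj, tagMask, tagOther = 0x01, 0x02, 0x04, 0x10, 0x20
)

// Entry is one ACL record: Perm is an rwx triple (r=4 w=2 x=1), ID is a uid for tagUser entries.
type Entry struct{ Tag, Perm uint16; ID uint32 }

// GrantUser builds the ACL giving uid `perm` on a file with mode bits `mode` (e.g. 0o700 for a runtime
// dir), in the entry order the kernel validates. Caveat: stat(2) then reports the mask as the group bits.
func GrantUser(mode uint16, uid uint32, perm uint16) []Entry {
	return []Entry{
		{tagUserObj, (mode >> 6) & 7, undefinedID}, {tagUser, perm, uid},
		{tagGroupObj, (mode >> 3) & 7, undefinedID}, {tagMask, perm, undefinedID},
		{tagOther, mode & 7, undefinedID},
	}
}

// EncodeACL serialises entries into the little-endian xattr value; DecodeACL reverses it,
// e.g. to audit which uids currently hold access. Writes to a bytes.Buffer cannot fail.
func EncodeACL(entries []Entry) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, uint32(aclVersion))
	binary.Write(&buf, binary.LittleEndian, entries)
	return buf.Bytes()
}

func DecodeACL(b []byte) ([]Entry, error) {
	if len(b) < 4 || (len(b)-4)%8 != 0 || binary.LittleEndian.Uint32(b) != aclVersion {
		return nil, fmt.Errorf("malformed %s value (%d bytes)", aclXattr, len(b))
	}
	out := make([]Entry, (len(b)-4)/8)
	return out, binary.Read(bytes.NewReader(b[4:]), binary.LittleEndian, out)
}

// Apply sets the ACL; Revoke removes it so only the plain mode bits remain (the cleanup step).
func Apply(path string, entries []Entry) error { return syscall.Setxattr(path, aclXattr, EncodeACL(entries), 0) }
func Revoke(path string) error                  { return syscall.Removexattr(path, aclXattr) }
```

`getfacl` on the target path shows the same entries the kernel decoded from this value, which is a quick way to confirm that nothing is left behind after Revoke.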

Manual setup

Ego aims to come with sane defaults and be easy to set up.

Requirements:

  • Sudo
  • A C compiler
  • Go
  • libacl.so library (Debian/Ubuntu: libacl1-dev; Fedora: libacl-devel; Arch: acl)
  • libxcb.so library (Debian/Ubuntu: libxcb1-dev; Fedora: libxcb-devel; Arch: libxcb)

Recommended (not needed in --sudo mode, though some desktop functionality may not work without them):

  • machinectl command (Debian/Ubuntu/Fedora: systemd-container; Arch: systemd)
  • xdg-desktop-portal-gtk (Debian/Ubuntu/Fedora/Arch: xdg-desktop-portal-gtk)

Installation:

  1. Run in repository worktree:

    go build -v -ldflags '-s -w'
    sudo cp ego /usr/local/bin/
    
  2. Create local user named "ego": [1]

    sudo useradd ego --uid 155 --create-home
    
  3. That's all, try it:

    ego xdg-open .
    

[1] No extra groups are needed by the ego user. UID below 1000 hides this user on the login screen.

Avoid password prompt

If using "machinectl" mode (the default when available), you need a fairly new systemd (>=247) and polkit (>=0.106) to do this securely.

Create file /etc/polkit-1/rules.d/50-ego-machinectl.rules, polkit will automatically load it (replace $USER with your own username):

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.machine1.host-shell" &&
        action.lookup("user") == "ego" &&
        subject.user == "$USER") {
        return polkit.Result.YES;
    }
});

sudo mode

For sudo, add the following to /etc/sudoers (replace $USER with your own username):

$USER ALL=(ego) NOPASSWD:ALL

Appendix

Ego is licensed under the MIT License (see the LICENSE file). The original Ego was created by Marti Raudsepp under the repository https://github.com/intgr/ego.