app: supply template config
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
d5c26ae593
commit
2e019e48c1
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
|
|
@ -89,3 +89,60 @@ func (s *SandboxConfig) Bwrap() *bwrap.Config {
|
||||||
|
|
||||||
return conf
|
return conf
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Template returns a fully populated instance of Config.
|
||||||
|
func Template() *Config {
|
||||||
|
return &Config{
|
||||||
|
ID: "org.chromium.Chromium",
|
||||||
|
User: "chronos",
|
||||||
|
Command: []string{
|
||||||
|
"chromium",
|
||||||
|
"--ignore-gpu-blocklist",
|
||||||
|
"--disable-smooth-scrolling",
|
||||||
|
"--enable-features=UseOzonePlatform",
|
||||||
|
"--ozone-platform=wayland",
|
||||||
|
},
|
||||||
|
Method: "sudo",
|
||||||
|
Confinement: ConfinementConfig{
|
||||||
|
Sandbox: &SandboxConfig{
|
||||||
|
Hostname: "localhost",
|
||||||
|
UserNS: true,
|
||||||
|
Net: true,
|
||||||
|
NoNewSession: true,
|
||||||
|
Wayland: false,
|
||||||
|
UID: 150,
|
||||||
|
GID: 101,
|
||||||
|
// example API credentials pulled from Google Chrome
|
||||||
|
// DO NOT USE THESE IN A REAL BROWSER
|
||||||
|
Env: map[string]string{
|
||||||
|
"GOOGLE_API_KEY": "AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY",
|
||||||
|
"GOOGLE_DEFAULT_CLIENT_ID": "77185425430.apps.googleusercontent.com",
|
||||||
|
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT",
|
||||||
|
},
|
||||||
|
Bind: [][2]string{{"/sdcard", "/sdcard"}, {"/var/tmp", "/var/tmp"}},
|
||||||
|
ROBind: [][2]string{{"/nix", "/nix"}},
|
||||||
|
},
|
||||||
|
SystemBus: &dbus.Config{
|
||||||
|
See: nil,
|
||||||
|
Talk: []string{"org.bluez", "org.freedesktop.Avahi", "org.freedesktop.UPower"},
|
||||||
|
Own: nil,
|
||||||
|
Call: nil,
|
||||||
|
Broadcast: nil,
|
||||||
|
Log: false,
|
||||||
|
Filter: true,
|
||||||
|
},
|
||||||
|
SessionBus: &dbus.Config{
|
||||||
|
See: nil,
|
||||||
|
Talk: []string{"org.freedesktop.Notifications", "org.freedesktop.FileManager1", "org.freedesktop.ScreenSaver",
|
||||||
|
"org.freedesktop.secrets", "org.kde.kwalletd5", "org.kde.kwalletd6", "org.gnome.SessionManager"},
|
||||||
|
Own: []string{"org.chromium.Chromium.*", "org.mpris.MediaPlayer2.org.chromium.Chromium.*",
|
||||||
|
"org.mpris.MediaPlayer2.chromium.*"},
|
||||||
|
Call: map[string]string{"org.freedesktop.portal.*": "*"},
|
||||||
|
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
|
||||||
|
Log: false,
|
||||||
|
Filter: true,
|
||||||
|
},
|
||||||
|
Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue