ybox 0.9.11.1__py3-none-any.whl → 0.9.12__py3-none-any.whl

ybox/__init__.py

@@ -1,2 +1,2 @@
 """`ybox` is a tool to easily manage linux distributions in containers"""
-__version__ = "0.9.11.1"
+__version__ = "0.9.12"

ybox/conf/distros/arch/distro.ini

@@ -50,12 +50,12 @@ recommended_deps = intel-media-driver libva-mesa-driver vulkan-intel vulkan-mesa
 # optional packages for enhanced experience in shell and GUI apps
 # (for some reason TERMINFO_DIRS does not work for root user, so explicitly installing terminfo
 #  packages for other terminal emulators available in arch which occupy only a tiny space)
-suggested = cantarell-fonts ttf-fira-code noto-fonts neovim eza ncdu fd bat
+suggested = cantarell-fonts ttf-fira-code noto-fonts neovim eza ncdu fd bat gnome-settings-daemon
             kitty-terminfo rxvt-unicode-terminfo realtime-privileges tree starship
 # dependencies of the `suggested` packages
 suggested_deps = xsel
 # additional packages that are in AUR and installed by paru in init-user.sh
-extra = neovim-symlinks tinyxxd autojump
+extra = neovim-symlinks tinyxxd
 
 
 # The commands here will be run as normal userns mapped user, so use sudo if the command

ybox/conf/distros/deb-generic/distro.ini

@@ -53,7 +53,7 @@ recommended_deps = xauth netbase xdg-user-dirs intel-media-va-driver-non-free me
                    mesa-vulkan-drivers libfribidi0 fonts-dejavu-core sensible-utils libpam-cap
 # optional packages for enhanced experience in shell and GUI apps
 suggested = fonts-cantarell fonts-firacode fonts-noto-core neovim ncdu fd-find bat
-            kitty-terminfo tree autojump
+            gnome-settings-daemon-common kitty-terminfo tree
 # dependencies of the `suggested` packages
 suggested_deps = xsel xxd
 

ybox/conf/profiles/basic.ini

@@ -151,6 +151,12 @@ log_opts = max-size=10m,max-file=3
 # the --device option to podman/docker run. Example: devices = /dev/video0,/dev/ttyUSB0
 devices =
 
+# Additional options passed as such to the podman/docker run command.
+# These are parsed using `shlex.split()`, so use POSIX shell quotes and escape characters for
+# spaces and other special characters in an option.
+custom_options =
+
+
 # The security-opt and other security options passed to podman/docker.
 # You should restrict these as required.
 # If these have to be relaxed for some apps, then it is highly recommended to put
@@ -189,10 +195,29 @@ label = type:container_runtime_t
 # --ulimit=host is only available for podman which copies host ulimits by default
 # ulimits = host
 # default is private IPC
-# WARNING: setting this to 'host' can open a major security attack vector
+# WARNING: setting this to 'host' can open a significant security attack vector
 ipc = private
 
 
+# Networking related options passed to podman/docker. Available keys are:
+#    mode: set the networking mode, passed as --network=...
+#    expose: comma-separated container ports to expose, passed as --expose=...
+#    publish: comma-separated container ports to publish to the host, passed as --publish=...
+#    publish_all: publish all exposed ports to the host, value can be empty which means enable
+#                 or explicit boolean (true/false, on/off, 1/0) and is passed as -P when enabled
+#    host: host name for the container, passed as --hostname=...
+#    ip: ipv4 address of the container, passed as --ip=...
+#    ip6: ipv6 address of the container, passed as --ip6=...
+#    dns: custom DNS servers, passed as --dns=...
+#    dns_option: custom DNS options, passed as --dns-option=...
+#    dns_search: custom DNS search domain, passed as --dns-search=...
+#    mac: custom MAC address for the network interface of the container, passed as --mac-address=...
+#    alias: network scoped alias for the container, passed as --network-alias=...
+[network]
+# WARNING: setting this to 'host' can open significant security attack vectors
+mode =
+
+
 # These are podman/docker volumes that can use either the format of --mount or -v options
 # (the scripts make a quick guess by searching for = or ,).
 # These will typically include some directories from your home like Downloads.
@@ -256,6 +281,7 @@ zsh_p10 = $HOME/.p10k.zsh -> .p10k.zsh
 dir_colors = $HOME/.dir_colors -> .dir_colors
 vimrc = $HOME/.vimrc -> .vimrc
 nvimrc = $HOME/.config/nvim -> .config/nvim
+dconf = $HOME/.config/dconf -> .config/dconf
 themes = $HOME/.themes -> .themes
 cursors = $HOME/.icons -> .icons
 icons = $HOME/.local/share/icons -> .local/share/icons
@@ -264,8 +290,7 @@ gitconf = $HOME/.gitconfig -> .gitconfig
 gtk2rc = $HOME/.gtkrc-2.0 -> .gtkrc-2.0
 gtk3rc = $HOME/.config/gtk-3.0 -> .config/gtk-3.0
 gtk4rc = $HOME/.config/gtk-4.0 -> .config/gtk-4.0
-qt5conf = $HOME/.config/Trolltech.conf -> .config/Trolltech.conf
-qt5ctconf = $HOME/.config/qt5ct/qt5ct.conf -> .config/qt5ct/qt5ct.conf
+qtconf = $HOME/.config/Trolltech.conf -> .config/Trolltech.conf
 ariaconf = $HOME/.config/aria2/aria2.conf -> .config/aria2/aria2.conf
 speechconf = $HOME/.config/speech-dispatcher -> .config/speech-dispatcher
 
@@ -325,11 +350,14 @@ XMODIFIERS
 chromium = !p --enable-chrome-browser-cloud-management !a
 
 
-# Startup programs you want to run when starting the container. These are run using
-# /bin/bash shell of the container, so you can use shell variables if required.
+# Startup programs to run in background when starting the container. Each command is run using
+# `nohup` and in background with logs in `$HOME/.local/share/ybox/logs/app-<number>_{out|err}.log`
+# (`_out.log` suffix for standard output and `_err.log` for standard error). The number is the
+# 1-based index of the command in the list in the section below.
+#
 # These programs are run as normal container user, so if you need to run using root
-# account then add 'sudo' before the command.
+# account then add 'sudo' before the command. The commands (i.e. the values of the keys)
+# should be in a single line and cannot contain newlines.
 [startup]
 # for example you can avoid sharing dbus of the original session rather start a separate one
 #dbus = /usr/bin/dbus-daemon --session
-#dbus_sys = sudo /usr/bin/dbus-daemon --system

ybox/conf/resources/entrypoint-user.sh

@@ -10,7 +10,7 @@ current_user="$(id -un)"
 user_home="$(getent passwd "$current_user" | cut -d: -f6)"
 # set gpg keyserver to an available one
 mkdir -p "$user_home/.gnupg" && chmod 0700 "$user_home/.gnupg"
-echo "keyserver $DEFAULT_GPG_KEY_SERVER" > "$user_home/.gnupg/dirmngr.conf"
+echo "keyserver $DEFAULT_GPG_KEY_SERVER" > "$user_home/.gnupg/dirmngr.conf" || /bin/true
 rm -f "$user_home"/.gnupg/*/*.lock
 
 if [ ! -e "$user_home/.config/pip/pip.conf" ]; then

ybox/conf/resources/entrypoint.sh

@@ -110,11 +110,12 @@ function install_apps() {
 function invoke_startup_apps() {
   log_dir="$HOME/.local/share/ybox/logs"
   log_no=1
+  mkdir -p "$log_dir"
   # start apps in the order listed in the file
   while read -r app_line; do
-    mkdir -p "$log_dir"
     echo_color "$fg_orange" "Starting: ${app_line:0:40} ..." >> $status_file
     nohup $app_line >> "$log_dir/app-${log_no}_out.log" 2>> "$log_dir/app-${log_no}_err.log" &
+    ((log_no++))
     sleep 1
   done < "$startup_list"
 }
@@ -176,6 +177,7 @@ done
 # change ownership of user's /run/user/<uid> tree which may have root ownership due to the
 # docker bind mounts
 run_dir=${XDG_RUNTIME_DIR:-/run/user/$uid}
+host_run_dir=${run_dir}-host
 if [ -d $run_dir ]; then
   $SUDO chown $uid:$gid $run_dir 2>/dev/null || true
 fi
@@ -183,6 +185,11 @@ if compgen -G "$run_dir/*" >/dev/null; then
   $SUDO chown $uid:$gid $run_dir/* 2>/dev/null || true
 fi
 
+# link wayland sockets/locks if enabled
+if [ "$ENABLE_WAYLAND" = true ] && compgen -G "$host_run_dir/wayland-*" >/dev/null; then
+  ln -sf $host_run_dir/wayland-* $run_dir/.
+fi
+
 # run actions requiring root access
 $SUDO /bin/bash "$SCRIPT_DIR/entrypoint-root.sh"
 
@@ -210,13 +217,13 @@ if [ ! -e "$SCRIPT_DIR/ybox-init.done" ]; then
 fi
 
 # process config files, application installs and invoke startup apps
-if [ -n "$config_list" ]; then
+if [ -n "$config_list" -a -s "$config_list" ]; then
   replicate_config_files
 fi
-if [ -n "$app_list" ]; then
+if [ -n "$app_list" -a -s "$app_list" ]; then
   install_apps
 fi
-if [ -n "$startup_list" ]; then
+if [ -n "$startup_list" -a -s "$startup_list" ]; then
   invoke_startup_apps
 fi
 # update the status file to indicate successful startup

ybox/conf/resources/run-in-dir

@@ -64,7 +64,6 @@ if [ -e "$nvidia_setup" ]; then
         sudo /bin/bash "$nvidia_setup" || /bin/true
       fi
     ) 100>"$lock_file"
-    break
   fi
 fi
 

ybox/config.py

@@ -44,6 +44,7 @@ class StaticConfiguration:
         self._status_file = f"{container_dir}/status"
         self._config_list = f"{self._scripts_dir}/config.list"
         self._app_list = f"{self._scripts_dir}/app.list"
+        self._startup_list = f"{self._scripts_dir}/startup.list"
 
     @property
     def env(self) -> Environ:
@@ -123,8 +124,6 @@ class StaticConfiguration:
         """local status file to communicate when the container is ready for use"""
         return self._status_file
 
-    # file containing list of configuration files to be linked on that container to host
-    # as mentioned in the [configs] section
     @property
     def config_list(self) -> str:
         """file containing list of configuration files to be linked on that container to host
@@ -136,6 +135,11 @@ class StaticConfiguration:
         """file containing list of applications to be installed in the container"""
         return self._app_list
 
+    @property
+    def startup_list(self) -> str:
+        """file containing list of commands to be executed in the container on startup"""
+        return self._startup_list
+
 
 class Consts:
     """

ybox/pkg/clean.py

@@ -5,23 +5,39 @@ Clean package cache and related intermediate files of an active ybox container.
 import argparse
 from configparser import SectionProxy
 
-from ybox.cmd import PkgMgr, build_shell_command, run_command
+from ybox.cmd import (PkgMgr, build_shell_command, check_active_ybox,
+                      run_command)
 from ybox.config import StaticConfiguration
 from ybox.print import print_info
+from ybox.state import RuntimeConfiguration, YboxStateManagement
 
 
+# noinspection PyUnusedLocal
 def clean_cache(args: argparse.Namespace, pkgmgr: SectionProxy, docker_cmd: str,
-                conf: StaticConfiguration) -> int:
+                conf: StaticConfiguration, runtime_conf: RuntimeConfiguration,
+                state: YboxStateManagement) -> int:
+    # pylint: disable=unused-argument
     """
     Clean package cache and related intermediate files.
 
-    :param args: arguments having `quiet` and all other attributes passed by the user
+    :param args: arguments having `package` and all other attributes passed by the user
     :param pkgmgr: the `[pkgmgr]` section from `distro.ini` configuration file of the distribution
     :param docker_cmd: the podman/docker executable to use
     :param conf: the :class:`StaticConfiguration` for the container
+    :param runtime_conf: the `RuntimeConfiguration` of the container
+    :param state: instance of `YboxStateManagement` having the state of all ybox containers
     :return: integer exit status of clean command where 0 represents success
     """
-    print_info(f"Cleaning package cache in container '{conf.box_name}'")
-    clean_cmd = pkgmgr[PkgMgr.CLEAN_QUIET.value] if args.quiet else pkgmgr[PkgMgr.CLEAN.value]
-    return int(run_command(build_shell_command(docker_cmd, conf.box_name, clean_cmd),
-                           exit_on_error=False, error_msg="cleaning package cache"))
+    clean_cmd = pkgmgr[PkgMgr.CLEAN.value] if args.ask else pkgmgr[PkgMgr.CLEAN_QUIET.value]
+    # run clean for each container since it can involve actions that are container specific
+    # apart from the generic ones for the shared root (e.g. AUR cache cleaning for Arch Linux)
+    code = 0
+    for container in state.get_containers(shared_root=runtime_conf.shared_root):
+        if not check_active_ybox(docker_cmd, container):
+            continue
+        print_info(f"Cleaning package cache in container '{container}'")
+        if (c := int(run_command(build_shell_command(docker_cmd, container, clean_cmd),
+                                 exit_on_error=False, error_msg="cleaning package cache"))) != 0:
+            code = c
+        print()
+    return code

ybox/pkg/inst.py

@@ -32,10 +32,16 @@ _EXEC_ICON_RE = re.compile(f"{_EXEC_PATTERN}|{_ICON_PATH_PATTERN}")
 # match !p and !a to replace executable program (third group above) and arguments respectively
 _FLAGS_RE = re.compile("![ap]")
 # environment variables passed through from host environment to podman/docker executable
-_PASSTHROUGH_ENVVARS = ("XAUTHORITY", "DISPLAY", "WAYLAND_DISPLAY", "FREETYPE_PROPERTIES",
+_PASSTHROUGH_ENVVARS = ("XAUTHORITY", "DISPLAY", "XDG_SESSION_TYPE", "FREETYPE_PROPERTIES",
                         "SSH_AUTH_SOCK", "GPG_AGENT_INFO",
                         "__NV_PRIME_RENDER_OFFLOAD", "__GLX_VENDOR_LIBRARY_NAME",
                         "__VK_LAYER_NV_optimus", "VK_ICD_FILES", "VK_ICD_FILENAMES")
+# environment variables passed from host to podman/docker executable with empty if not set;
+# note that these variables are assumed to have values that don't need quoting by /bin/sh
+# else code will need to be updated to quote $<var> value when passing to the shell
+_PASSTHRU_EMPTY_ENVVARS = ("WAYLAND_DISPLAY", "QT_QPA_PLATFORM")
+# characters that need to be escaped in quoted string of Exec/TryExec line
+_DESKTOP_ESCAPE_RE = re.compile(r'["`$\\]')
 
 
 def install_package(args: argparse.Namespace, pkgmgr: SectionProxy, docker_cmd: str,
@@ -356,9 +362,9 @@ def wrap_container_files(package: str, copy_type: CopyType, app_flags: dict[str,
                     # clear EXECUTABLE mask so that no wrapper executable is created
                     copy_type &= ~CopyType.EXECUTABLE
 
-    # the "-it" flag is used for both desktop file and executable for podman/docker exec
-    # since it is safe (unless the app may need stdin in which case Terminal must be true
-    #   in its desktop file in which case a terminal will be opened during execution)
+    # the "-i" flag is used in the wrapper executable for podman/docker exec which is safe;
+    # if the app needs stdin then Terminal must be true in its desktop file in which case
+    # a terminal will be opened during execution
     for file_dir, filename, file in file_paths:
         # check if this is a .desktop directory and copy it over adding appropriate
         # "docker exec" prefix to the command
@@ -454,8 +460,6 @@ def _wrap_desktop_file(filename: str, file: str, docker_cmd: str, conf: StaticCo
                       container configuration
     :param wrapper_files: the accumulated list of all wrapper files so far
     """
-    # container name is added to desktop file to make it unique
-    wrapper_name = f"ybox.{conf.box_name}.{filename}"
 
     def replace_exec_icon(match: re.Match[str]) -> str:
         """replace Exec, TryExec and Icon lines appropriately for the host system"""
@@ -475,14 +479,20 @@ def _wrap_desktop_file(filename: str, file: str, docker_cmd: str, conf: StaticCo
         else:
             full_cmd = program
         # pseudo-tty cannot be allocated with rootless docker outside of a terminal app
-        env_vars = " -e=".join(_PASSTHROUGH_ENVVARS)
-        return (f'{exec_word}{docker_cmd} exec -e={env_vars} {conf.box_name} '
-                f'/usr/local/bin/run-in-dir "" {full_cmd}\n')
+        ev1 = " -e=".join(_PASSTHROUGH_ENVVARS)
+        ev2 = " -e=".join((f"{k}=\\\\${k}" for k in _PASSTHRU_EMPTY_ENVVARS))
+        full_cmd = _DESKTOP_ESCAPE_RE.sub(r'\\\g<0>', full_cmd)
+        # TODO: SW: add "-i" flag if Terminal is true
+        return (f'{exec_word}/bin/sh -c "{docker_cmd} exec -e={ev1} -e={ev2} {conf.box_name} '
+                f'/usr/local/bin/run-in-dir \\\\"\\\\" {full_cmd}"\n')
 
     # the destination will be $HOME/.local/share/applications
     os.makedirs(conf.env.user_applications_dir, mode=Consts.default_directory_mode(),
                 exist_ok=True)
-    wrapper_file = f"{conf.env.user_applications_dir}/{wrapper_name}"
+    wrapper_file = f"{conf.env.user_applications_dir}/{filename}"
+    if os.path.exists(wrapper_file):
+        # container name is added to desktop file to make it unique
+        wrapper_file = f"{conf.env.user_applications_dir}/ybox.{conf.box_name}.{filename}"
     print_notice(f"Linking container desktop file {file} to {wrapper_file}")
 
     def write_desktop_file(src: str) -> None:
@@ -622,9 +632,12 @@ def _wrap_executable(filename: str, file: str, docker_cmd: str, conf: StaticConf
             lambda f_match: _replace_flags(f_match, flags, f'"{file}"', '"$@"'), flags)
     else:
         full_cmd = f'/usr/local/bin/run-in-dir "`pwd`" "{file}" "$@"'
-    env_vars = " -e=".join(_PASSTHROUGH_ENVVARS)
+    ev1 = " -e=".join(_PASSTHROUGH_ENVVARS)
+    ev2 = " -e=".join((f"{k}=${k}" for k in _PASSTHRU_EMPTY_ENVVARS))
+    # TODO: some apps like those asking for password from terminal (e.g. ssh/ykman) also
+    # need pseudo-terminal i.e. "-t", so allow for an cmdline option to add "-t" here
     exec_content = ("#!/bin/sh\n",
-                    f"exec {docker_cmd} exec -it -e={env_vars} {conf.box_name} ", full_cmd)
+                    f"exec {docker_cmd} exec -i -e={ev1} -e={ev2} {conf.box_name} ", full_cmd)
     with open(wrapper_exec, "w", encoding="utf-8") as wrapper_fd:
         wrapper_fd.writelines(exec_content)
     os.chmod(wrapper_exec, mode=0o755, follow_symlinks=True)

ybox/run/create.py

@@ -8,6 +8,7 @@ import grp
 import os
 import pwd
 import re
+import shlex
 import shutil
 import stat
 import subprocess
@@ -491,16 +492,20 @@ def process_sections(profile: PathName, conf: StaticConfiguration, pkgmgr: Secti
     for section in config.sections():
         if section == "security":
             process_security_section(config["security"], profile, docker_args)
+        elif section == "network":
+            process_network_section(config["network"], profile, docker_args)
         elif section == "mounts":
             process_mounts_section(config["mounts"], docker_args)
         elif section == "env":
-            process_env_section(config["env"], docker_args)
+            process_env_section(config["env"], conf, docker_args)
         elif section == "configs":
             if config_hardlinks is not None:
                 process_configs_section(config["configs"], config_hardlinks, conf, docker_args)
         elif section == "apps":
             apps_with_deps = process_apps_section(config["apps"], conf, pkgmgr)
-        elif section not in ("base", "app_flags", "startup"):
+        elif section == "startup":
+            process_startup_section(config["startup"], conf)
+        elif section not in ("base", "app_flags"):
             raise NotSupportedError(f"Unknown section [{section}] in '{profile}' "
                                     "or one of its includes")
     return shared_root, config, apps_with_deps
@@ -649,8 +654,11 @@ def process_base_section(base_section: SectionProxy, profile: PathName, conf: St
         elif key == "devices":
             if val:
                 add_multi_opt(docker_args, "device", val)
+        elif key == "custom_options":
+            if val:
+                docker_args.extend(shlex.split(val))
         elif key not in ("name", "dbus_sys", "includes"):
-            raise NotSupportedError(f"Unknown key '{key}' in the [base] of {profile} "
+            raise NotSupportedError(f"Unknown key '{key}' in the [base] section of {profile} "
                                     "or its includes")
     if config_locale:
         for lang_var in ("LANG", "LANGUAGE"):
@@ -796,7 +804,38 @@ def process_security_section(sec_section: SectionProxy, profile: PathName,
             if _get_boolean(val):
                 docker_args.append("--security-opt=no-new-privileges")
         else:
-            raise NotSupportedError(f"Unknown key '{key}' in the [security] of {profile} "
+            raise NotSupportedError(f"Unknown key '{key}' in the [security] section of {profile} "
+                                    "or its includes")
+
+
+def process_network_section(net_section: SectionProxy, profile: PathName,
+                            docker_args: list[str]) -> None:
+    """
+    Process the `[network]` section in the container profile to append required podman/docker
+    options in the list that has been passed.
+
+    :param net_section: an object of :class:`SectionProxy` from parsing the `[network]` section
+    :param profile: the profile file returned by :func:`select_profile` to use for ybox container
+                    configuration as a `Path` or resource file from importlib (`Traversable`)
+    :param docker_args: list of podman/docker arguments to which required options as per the
+                        configuration in the `[network]` section are appended
+    :raises NotSupportedError: if there is an unknown key in the `[network]` section
+    """
+    net_options = {"mode": "network", "host": "hostname", "dns": "dns", "dns_option": "dns-option",
+                   "dns_search": "dns-search", "ip": "ip", "ip6": "ip6", "mac": "mac-address",
+                   "alias": "network-alias"}
+    multi_options = {"expose": "expose", "publish": "publish"}
+    for key, val in net_section.items():
+        if opt := net_options.get(key):
+            if val:
+                docker_args.append(f"--{opt}={val}")
+        elif opt := multi_options.get(key):
+            add_multi_opt(docker_args, opt, val)
+        elif key == "publish_all":
+            if not val or _get_boolean(val):  # empty value means enable
+                docker_args.append("-P")
+        else:
+            raise NotSupportedError(f"Unknown key '{key}' in the [network] section of {profile} "
                                     "or its includes")
 
 
@@ -811,7 +850,7 @@ def process_mounts_section(mounts_section: SectionProxy, docker_args: list[str])
     """
     # keys here are only symbolic names and serve no purpose other than allowing
     # later profile files to override previous ones
-    for _, val in mounts_section.items():
+    for val in mounts_section.values():
         if val:
             if "=" in val or "," in val:
                 docker_args.append(f"--mount={val}")
@@ -861,7 +900,10 @@ def process_configs_section(configs_section: SectionProxy, config_hardlinks: boo
             dest_path = f"{conf.configs_dir}/{dest_rel_path}"
             if os.access(src_path, os.R_OK):
                 if os.path.exists(dest_path):
-                    shutil.rmtree(dest_path, ignore_errors=True)
+                    if os.path.isdir(dest_path):
+                        shutil.rmtree(dest_path)
+                    else:
+                        os.unlink(dest_path)
                 else:
                     os.makedirs(os.path.dirname(dest_path),
                                 mode=Consts.default_directory_mode(), exist_ok=True)
@@ -891,15 +933,27 @@ def process_configs_section(configs_section: SectionProxy, config_hardlinks: boo
     add_mount_option(docker_args, conf.configs_dir, conf.target_configs_dir)
 
 
-def process_env_section(env_section: SectionProxy, docker_args: list[str]) -> None:
+def process_env_section(env_section: SectionProxy, conf: StaticConfiguration,
+                        docker_args: list[str]) -> None:
     """
     Process the `[env]` section in the container profile to append required podman/docker
     options in the list that has been passed.
 
     :param env_section: an object of :class:`SectionProxy` from parsing the `[env]` section
+    :param conf: the :class:`StaticConfiguration` for the container
     :param docker_args: list of podman/docker arguments to which required options as per the
                         configuration in the `[env]` section are appended
     """
+    # add a TMPDIR to share between host and container since some apps require TMPDIR to be
+    # visible on the host (e.g. electron uses it to expose the app/tray icon available via dbus)
+    if "TMPDIR" not in env_section:
+        # use /var/tmp rather than /tmp since latter is a tmpfs system in many setups that will not
+        # retain the created tmpdir after a reboot
+        tmpdir = f"/var/tmp/ybox.{conf.box_name}"
+        os.makedirs(tmpdir, exist_ok=True)
+        os.chmod(tmpdir, 0o1777)
+        add_mount_option(docker_args, tmpdir, tmpdir)
+        add_env_option(docker_args, "TMPDIR", tmpdir)
     for key, val in env_section.items():
         add_env_option(docker_args, key, val)
 
@@ -939,7 +993,7 @@ def process_apps_section(apps_section: SectionProxy, conf: StaticConfiguration,
         return dep
 
     with open(conf.app_list, "w", encoding="utf-8") as apps_fd:
-        for _, val in apps_section.items():
+        for val in apps_section.values():
             apps = [app.strip() for app in val.split(",")]
             deps = [capture_dep(match) for dep in apps if (match := _DEP_SUFFIX.match(dep))]
             if deps:
@@ -952,6 +1006,21 @@ def process_apps_section(apps_section: SectionProxy, conf: StaticConfiguration,
     return apps_with_deps
 
 
+def process_startup_section(startup_section: SectionProxy, conf: StaticConfiguration) -> None:
+    """
+    Process the `[startup]` section in the container profile to write the list of commands to be
+    executed (in background) in the container on startup.
+
+    :param startup_section: an object of :class:`SectionProxy` from parsing the `[startup]` section
+    :param conf: the :class:`StaticConfiguration` for the container
+    """
+    if not startup_section:
+        return
+    with open(conf.startup_list, "w", encoding="utf-8") as startup_fd:
+        for val in startup_section.values():
+            startup_fd.write(val + "\n")
+
+
 # The shutil.copytree(...) method does not work correctly for "symlinks=False" (or at least
 #   not like 'cp -aL' or 'cp -alL') where it does not create the source symlinked file rather
 # only the target one in the destination directory, and neither does it provide the option to
@@ -1236,6 +1305,9 @@ def run_container(docker_full_cmd: list[str], current_user: str, shared_root: st
     if os.access(conf.app_list, os.R_OK):
         docker_full_cmd.append("-a")
         docker_full_cmd.append(f"{conf.target_scripts_dir}/app.list")
+    if os.access(conf.startup_list, os.R_OK):
+        docker_full_cmd.append("-s")
+        docker_full_cmd.append(f"{conf.target_scripts_dir}/startup.list")
     docker_full_cmd.append(conf.box_name)
 
     if (code := int(run_command(docker_full_cmd, exit_on_error=False,

ybox/run/destroy.py

@@ -56,6 +56,11 @@ def main_argv(argv: list[str]) -> None:
     rm_args.append(container_name)
     run_command(rm_args, error_msg=f"removing '{container_name}'")
 
+    # remove shared TMPDIR if present
+    tmpdir = f"/var/tmp/ybox.{container_name}"
+    if os.path.isdir(tmpdir) and os.access(tmpdir, os.W_OK):
+        shutil.rmtree(tmpdir)
+
     # remove systemd service file and reload daemon
     if systemctl:
         print_color(f"Removing systemd service '{ybox_svc}' and reloading daemon", fg=fgcolor.cyan)

ybox/run/graphics.py

@@ -126,12 +126,11 @@ def enable_wayland(docker_args: list[str], env: Environ) -> None:
     :param docker_args: list of podman/docker arguments to which the options have to be appended
     :param env: an instance of the current :class:`Environ`
     """
-    if env.xdg_rt_dir and (wayland_display := os.environ.get("WAYLAND_DISPLAY")):
-        add_env_option(docker_args, "WAYLAND_DISPLAY", wayland_display)
-        wayland_sock = f"{env.xdg_rt_dir}/{wayland_display}"
-        if os.access(wayland_sock, os.W_OK):
-            add_mount_option(docker_args, wayland_sock,
-                             f"{env.target_xdg_rt_dir}/{wayland_display}")
+    if env.xdg_rt_dir:
+        add_env_option(docker_args, "WAYLAND_DISPLAY")
+        # don't bind wayland sockets rather link in entrypoint so that it works even
+        # when run in X11 setup after being created in Wayland setup
+        add_env_option(docker_args, "ENABLE_WAYLAND", "true")
 
 
 def enable_dri(docker_args: list[str]) -> None:

ybox/run/pkg.py

@@ -376,7 +376,8 @@ def add_clean(subparser: argparse.ArgumentParser) -> None:
 
     :param subparser: the :class:`argparse.ArgumentParser` object for the sub-command
     """
-    subparser.set_defaults(needs_state=False)
+    subparser.add_argument("-A", "--ask", action="store_true",
+                           help="ask before each action else silently clean everything")
     subparser.set_defaults(group_by_shared_root=True)
     subparser.set_defaults(func=clean_cache)
 

{ybox-0.9.11.1.dist-info → ybox-0.9.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ybox
-Version: 0.9.11.1
+Version: 0.9.12
 Summary: Securely run Linux distribution inside a container
 Author-email: Sumedh Wale <sumwale@yahoo.com>, Vishal Rao <vishalrao@gmail.com>
 License: Copyright (c) 2024-2025 Sumedh Wale and contributors

{ybox-0.9.11.1.dist-info → ybox-0.9.12.dist-info}/RECORD

@@ -1,6 +1,6 @@
-ybox/__init__.py,sha256=47nYoSFJMxMZxzaum5Ao3cassZ5ZNLXP6zt45UEiawc,99
+ybox/__init__.py,sha256=euvdPF2ShKWgI_hWeHofsb2H88d7__eqDvD84FRr8IE,97
 ybox/cmd.py,sha256=RaNZ7LBqUNwpqQkitR29WLoItjkMfZmaFEeryLTR_tM,14962
-ybox/config.py,sha256=inmuUhlAZb6EKLGYWdymsqoHggtiLd58kc125l25ACA,9943
+ybox/config.py,sha256=tK0iNJSpb_2So_XtyqE-fWFgoczVME6Kh03lU9qorFs,10049
 ybox/env.py,sha256=6o0tJ163KWhVZHnhDRWw_16nMMYoy4-2yAHSJYBSL-0,9420
 ybox/filelock.py,sha256=nWBp3jvbtrNziRzNcWm6FVVA_lhMccLwgLCVT2IDK5c,3185
 ybox/print.py,sha256=hAQjTb6JmtjWh0sF4GdZHcKRph5iMKP5x23s8LE85q4,4343
@@ -9,14 +9,14 @@ ybox/util.py,sha256=D4OgNCH0LXyHR9x0dCXCgkLFGvfgy--mqUbDbZRPobg,16520
 ybox/conf/completions/ybox.fish,sha256=zTfCb0XvTzzZUbYuIxV1BNSSpUZ1qbkbA5L4SfReLhc,6035
 ybox/conf/distros/supported.list,sha256=KAN7lbNfbRqF20KqEd0-BzF8U5uPx4n9h0W9zVh9z5o,52
 ybox/conf/distros/arch/add-gpg-key.sh,sha256=kLMCT15hYadjhInYwQiiyF4u6rJl8n4gGfzEKuMKvTg,644
-ybox/conf/distros/arch/distro.ini,sha256=NlCnhU4mmO9nE08BcO7hEQ83osMbHgIhLYybGG5rCNc,11026
+ybox/conf/distros/arch/distro.ini,sha256=zOJ_XhJzbMbcqEIc3xxuZuRwyDevtM0s9g4Jcg8Ekqo,11039
 ybox/conf/distros/arch/init-base.sh,sha256=eqdVzrMqP0hP52S_xxYZJ8n1lStlPn-eSP2e4DpHvWc,311
 ybox/conf/distros/arch/init-user.sh,sha256=tb_NX4xNRU2pSuuVf2jSb7019uLfxBDbKI7ZyOtzSA4,1127
 ybox/conf/distros/arch/init.sh,sha256=7f96YVjgQnOWItaxDjllgOl4LD9ibqzuhSk2QbDutvU,3578
 ybox/conf/distros/arch/list_fmt_long.py,sha256=Ws9Mt9CKInxqUSn98P6-Csik2QqEjyBHp5NyUHlbcoU,2825
 ybox/conf/distros/arch/pkgdeps.py,sha256=Y77N1xHmHZRyZ9_diFVvoqBd44lZXIIJ2ipX7YVlrT8,14081
 ybox/conf/distros/deb-generic/check-package.sh,sha256=bMiOi6Cp_UrtXm_sXOWBq4Xng2EwXYerqBuRLtGYIlo,2621
-ybox/conf/distros/deb-generic/distro.ini,sha256=ZDWJG-cvx1BuI2RwynIvDwxzuzvVaYNv68PD-J57t84,11361
+ybox/conf/distros/deb-generic/distro.ini,sha256=11iz-Ab5kwHg9n_bXHws6mB258GSkc0On5ouz-BtX0U,11381
 ybox/conf/distros/deb-generic/fetch-gpg-key-id.sh,sha256=sTsLWILZosYJcGV1u8qBdczQAFBda2Zlsp1xbpy8nzo,836
 ybox/conf/distros/deb-generic/init-base.sh,sha256=rim7UckGos0phyOAiNYbIjOVG9C4gKQSB-YbZcTFIms,191
 ybox/conf/distros/deb-generic/init-user.sh,sha256=RDt9sZuv6cSX1WBaRGcLMq2ZTBhVZmZVWD1t0wjvizU,20
@@ -28,24 +28,24 @@ ybox/conf/distros/deb-stable/distro.ini,sha256=xyQ31mLOpj3Z1MK-UYuc_9NfEkb7Gy10M
 ybox/conf/distros/ubuntu2204/distro.ini,sha256=3Pw1Q30USyKMUcHp_cvlqhwyU0FPo8O2AHWkgd0cdE4,1105
 ybox/conf/distros/ubuntu2404/distro.ini,sha256=ra4_EteDsHrw9UcehP4qLGTn98gAHc4JCb56CDzz1Wo,1102
 ybox/conf/profiles/apps.ini,sha256=vxVVy9oUw31to8CaagNZj9MQpGHIK2xARN4nzHy4vZ0,1270
-ybox/conf/profiles/basic.ini,sha256=FGSDOooI4meXhQlwFpPo_RxZ62it3bvdjqWkpVVDcA4,19713
+ybox/conf/profiles/basic.ini,sha256=7RAJUtQzpUbyJSynoxSaC-l-unQbB3pOtG5DMBOvs9I,21322
 ybox/conf/profiles/dev.ini,sha256=Qicas_96ZoG3nsm1MSE1urarlBzIj9kBGmUqrk_cD3g,976
 ybox/conf/profiles/games.ini,sha256=FiBILNFOMpjKhrIR9nPbPj9QDUeI5h9wZaNXIb6Z7dc,1792
 ybox/conf/resources/entrypoint-base.sh,sha256=hcW8ZLHM-jlHx7McoKTo8HIFz_VBBPD0I3WqlX7LjHs,4890
 ybox/conf/resources/entrypoint-common.sh,sha256=fMopKBLeGuVV0ukANXh_ZHGTR1yGq108CTN_M2MNPyQ,461
 ybox/conf/resources/entrypoint-cp.sh,sha256=jemWFCqfme9blVtfVxqBzCsCp7b-bN2aFLajruF0GGQ,814
 ybox/conf/resources/entrypoint-root.sh,sha256=58xcDX58ZtEFSr7ZSUFmzKt1OyGU29OrxjOmDiR6V8Q,706
-ybox/conf/resources/entrypoint-user.sh,sha256=Tps_UyQGyGn30LbgKm3gpzZtjOHnJpnlKx-px2GAd7A,698
-ybox/conf/resources/entrypoint.sh,sha256=jbfFfUprU7ycp0moZLXNdnxk_bhtDxAk6byEiPMNz-s,8560
+ybox/conf/resources/entrypoint-user.sh,sha256=aH_bPcXbmevIsAlFwFT0Npucxi5lRHfpwH_lP4cB_ZY,711
+ybox/conf/resources/entrypoint.sh,sha256=yOLEcujvawDtxrVbHbNsTZ4egobjO_F_BNR5m8pHdB0,8842
 ybox/conf/resources/prime-run,sha256=en8wEspc2Hzod9rq8KKnPQrjIPTLjUk44TqmtX-g0sw,339
-ybox/conf/resources/run-in-dir,sha256=-Xnwp4n6TK_2yPeBhGX6agenztyOtZ0316-vUlfOIag,2299
+ybox/conf/resources/run-in-dir,sha256=1Lt1LeIRcyFb18OHtzqo0SH72GSz1-o_igtJjBT5BJk,2289
 ybox/conf/resources/run-user-bash-cmd,sha256=LMlPoHtzYNDcOI885ouBha9xGRnQ6AWCFVsSu2dxy10,1065
 ybox/conf/resources/ybox-systemd.template,sha256=bA-bJOmc07Be-mQYtoFzl0yq4SJACv-FkAoKscPTh3g,779
 ybox/migrate/0.9.0-0.9.10:0.9.11.py,sha256=WHvIWvUhXnruzSYwWYnv2zPNOlkXfAyaaJ_nZwG2wwE,1627
 ybox/pkg/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ybox/pkg/clean.py,sha256=UlsrJLfZOyKg-7BE8s9xPvAyuUXSwvU5x-E7MMjGJSE,1219
+ybox/pkg/clean.py,sha256=yYzw8pdH8ipkxi_Z4PK0qO53VeCy3xVxqzIEVj8X8ig,2062
 ybox/pkg/info.py,sha256=HoEsiAi-iPEnAOWBMy9SsA4TOfyqHonRURU8k5EeAWA,1607
-ybox/pkg/inst.py,sha256=SJFysYqEepc_NvAmMH32OesXtP3eYmGJsctra6jF1go,36914
+ybox/pkg/inst.py,sha256=GKbkfq1Nfrrk48RnlnBRqDVoMatZCQhfA4r_QRIV9ew,37864
 ybox/pkg/list.py,sha256=Sk5THAmF132HKEZxJVDlqLLR8Z2w1wRA_E-gBsxlesQ,10097
 ybox/pkg/mark.py,sha256=Hb1FaowdBx8x3GFcakXsq4ERNqI60Gjljr24qXsDGR8,3748
 ybox/pkg/repair.py,sha256=rCwXXJbilJYU73feIIVWGFdbkh6SDcquxgiEnYV6pNs,8080
@@ -56,12 +56,12 @@ ybox/pkg/update.py,sha256=M-1MC8oh-baTHdSPWUUSTU_AhN3eu2nTCSge3bb6GmI,3269
 ybox/run/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ybox/run/cmd.py,sha256=a77RMC14Vovx2NV3LgdAzXVZXStC1TucgjcHPz4x03A,2105
 ybox/run/control.py,sha256=Lvew2tqtWy5xcZMPXuh5sTrM2K92MykXfdMfBuKsIDc,7540
-ybox/run/create.py,sha256=N2ULSoBsMWamBcm_JMLeZQdvMPhilhzFeM1aMkPDw7s,73062
-ybox/run/destroy.py,sha256=i3N2zRCgrQM_lGA6W28O6Y-D1NIwBP64PA1e6vhOkL4,6315
-ybox/run/graphics.py,sha256=mKQFU0la83Rv2V5l9TS25KIbqYmMnZjGQgGghLlfQp8,20309
+ybox/run/create.py,sha256=W-CHKSMV4w-hHnpeYT17H_4x2TzXL29bOCGMo45z7pg,76732
+ybox/run/destroy.py,sha256=JF7LwS0yBUwXUS_McEojsBM1roXoJrRf6wOdTK2QU1c,6492
+ybox/run/graphics.py,sha256=H1_tJEgiW8n_SsYb5icPYCkAK6nwHDl5O337HP38JIg,20212
 ybox/run/logs.py,sha256=pIdMWgNBNl-MgixArbMryUuBNNbi5JvDFP62IZ7jwr8,2050
 ybox/run/ls.py,sha256=7ylyxOOYEsVWK8baM0GaZcUlVQBwpdGiF7EhU09xf2s,2787
-ybox/run/pkg.py,sha256=6pes_wpVmPDiFYGfr8568GpyMByzor4dK5DSWaYmdsE,27219
+ybox/run/pkg.py,sha256=ahBsw7hQ50cK6Kh6E3jxyBt3dDS5o8aGGoEziItSz0I,27325
 ybox/schema/0.9.1-added.sql,sha256=1rGp2DczZmmC_xwjmheeZNPSbDpFzasu6LO3tpTy3zI,1049
 ybox/schema/0.9.6-added.sql,sha256=Qcho6dP5OUpPUW3IBWl_kv88agMPHzueUAKqnZPnt3U,809
 ybox/schema/init.sql,sha256=fei8lPvjb-EIjm5zuA_XkEdjsIE3vtROhgRPt7QMlSs,1599
@@ -69,9 +69,9 @@ ybox/schema/migrate/0.9.0:0.9.1.sql,sha256=e9JGwrjFZXdWKGv2JQZlKcWz8DmOuUARpToSs
 ybox/schema/migrate/0.9.1:0.9.2.sql,sha256=X5J3unDS0eLeVvYKxQgx-iUBoAOk9T2suO34pWlQ-lE,362
 ybox/schema/migrate/0.9.2:0.9.3.sql,sha256=Y7GeBSuEEs7Hs9hh-KYDARgeeMgwQwercvTB5P_-k6I,102
 ybox/schema/migrate/0.9.5:0.9.6.sql,sha256=wqYhmputlUQzBI5zfP7O5kqIFWAbZQ05kolyHK4714A,70
-ybox-0.9.11.1.dist-info/licenses/LICENSE,sha256=7GbFgERMXSwD1VyLA5bo_XHvJipmNEUhDW5Sy51TFeY,1077
-ybox-0.9.11.1.dist-info/METADATA,sha256=b4u_-amCHtBGQUIqgCCHR5Pr2PqykswthwDL-7CMc2g,25774
-ybox-0.9.11.1.dist-info/WHEEL,sha256=pxyMxgL8-pra_rKaQ4drOZAegBVuX-G_4nRHjjgWbmo,91
-ybox-0.9.11.1.dist-info/entry_points.txt,sha256=xDlI_84Hl3ytYO_ERyt0rkJ4ioUF8Z1r49Hx1xL28Rk,243
-ybox-0.9.11.1.dist-info/top_level.txt,sha256=DYX7jvndHcBaJXLJ8vDyKrq0_KWoSeXXFq8r0d5L6Nk,5
-ybox-0.9.11.1.dist-info/RECORD,,
+ybox-0.9.12.dist-info/licenses/LICENSE,sha256=7GbFgERMXSwD1VyLA5bo_XHvJipmNEUhDW5Sy51TFeY,1077
+ybox-0.9.12.dist-info/METADATA,sha256=YUT1FLiwOdvY-4q8qJz06LLgt-ljwCTS4BcbHPCuTyU,25772
+ybox-0.9.12.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+ybox-0.9.12.dist-info/entry_points.txt,sha256=xDlI_84Hl3ytYO_ERyt0rkJ4ioUF8Z1r49Hx1xL28Rk,243
+ybox-0.9.12.dist-info/top_level.txt,sha256=DYX7jvndHcBaJXLJ8vDyKrq0_KWoSeXXFq8r0d5L6Nk,5
+ybox-0.9.12.dist-info/RECORD,,

{ybox-0.9.11.1.dist-info → ybox-0.9.12.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (79.0.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any