-
-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improved sandboxing method for AppImages with revamped option --sandbox, dropping Firejail support in favor of "Aisap" #663
Conversation
@ivan-hc I'm surprised you will remove firejail. I didn't think you would do it, thank you so much. Yeah firejail has a bad reputation now, and advertising it in am isn't a good idea. Btw this change is BIG, getting bubblewrap sandboxing is like when appimages started using |
I added this to make the script launch am and install aisap without having the need to type
However that results in a double error for some reason: However it still installs aisap anyway. So I guess I will just silence am completly lol. EDIT: FIxed it, it is a hack but works lol The double error is because I had When what I intended with that was try to use am and then appman. I don't know if there is an env variable that I could use there instead. Because now it looks like this:
And I don't know if is possible for appman to be installed but not am. This is a very minor issue anyway I tried to use |
After I added your new module, this is what happens:
|
Uh oh. but why? All that should have been done is replace the wget for the path to the module? |
@Samueru-sama never mind. I've already fixed everything and tested everything with AM and AppMan, even removing "Aisap" for both, in the lates 2 hours. |
All changes I've made are around your module, that I've renamed "sandboxes.am" and then reimplemented/refactored also the -H option. So your module takes the place of the old sandboxes.am |
Thanks but this looks like a bug nonetheless. I just tested trying what I originally had in mind with the module being a script basically: chmod says that it is not a directory? It is not indeed but why does it say that. First time I see such error. I don't want you to rollback the changes just in case, just that I find that error very weird. |
have you updated using --devmode-enable? |
I didn't do on purpose, I still have the old script on When I do that it doesn't work for some reason. I know you fixed it in a different way, just that I found that issue weird. |
Anyway I've tested the changes you did and it is all working. |
@Samueru-sama I think we are ready. Also the README has been updated. I'd like to add a brief video in the meantime. |
I suggest you use librewolf for the demo. As aisap also gives it access to |
I just showed how to run the command and reference links for further reading. On the other hand, in the example there are Anydesk and Lxtask, and the latter is the only one that works in sandbox. |
All the important links for documentation have been listed. Also the "Aisap" project will get more interest and support after this update. @mgord9518 will get much more attention and support from developers and users. Guaranteed. |
Update README.md
I forgot to add info about .am-sandboxes on the README, @Samueru-sama can you add these for me? |
I'm sorry but I'm not very sure how the formatting should be there. You can use the header of the original script as reference though:
And maybe highlight that this sandbox method uses bubblewrap. |
Btw @ivan-hc I'm going to archive the original |
You're just archiving it, right? You're not deleting it, I hope. Let's say someone in the future wants to create a sandboxing method for all locales, without "AM". What better tool than your script? |
Yes just archiving it. |
What do you mean version 6.12 😭 This wasn't that small of a change, but anyway it is just number lol. |
This change is great, but its far from a version 7:
That said here are the main versions:
@Samueru-sama I don't know what will determine the release 7 in the future, nor I know if there will be one... but this is not the case. Fun fact, since Jun 6, 2022 the issue number 8 of this repository is still opened. The one about the GUI. So we were between release 3 and 4. So it is opened from two years and 10 days. |
I see, but remember that now the changes are being done little by little.
On their own they seem like small things, but together they are a bigger change. This is like the ship of theseus, at some point all these small changes accumulate AM will be vastly more different than the AM that was a few months ago. But anyway, it is just a number. What matters is am itself.
Btw did you test the vappman GUI? I couldn't ge it to launch but that is me fighting with the python package manager lol. |
I'm not a Python fan, nor a PIP fan at all. |
In this change we get rid of the obsolete "firejail" and related option "--firejail" to implement a modern and more flexible method using the following tools:
AM users will need sudo to correctly enable the "aisap" sandbox for AppImages, to replace the symlink in /usr/local/bin with a script like this:
for more details visit the repository https://github.com/Samueru-sama/aisap-am
This is how to enable and disable the "aisap" sandbox
a quick view of the CLI interface