Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kraftland/portable

An easy to use sandboxing framework that includes D-Bus proxy filtering, data isolation, access control and more. Supports accessibility.
https://github.com/kraftland/portable

dbus framework packaging proxy sandbox secure shell

Last synced: 17 days ago
JSON representation

An easy to use sandboxing framework that includes D-Bus proxy filtering, data isolation, access control and more. Supports accessibility.

Host: GitHub
URL: https://github.com/kraftland/portable
Owner: Kraftland
License: gpl-3.0
Created: 2024-11-11T03:36:51.000Z (3 months ago)
Default Branch: master
Last Pushed: 2025-01-15T14:12:00.000Z (23 days ago)
Last Synced: 2025-01-15T16:09:52.923Z (22 days ago)
Topics: dbus, framework, packaging, proxy, sandbox, secure, shell
Language: Shell
Homepage:
Size: 465 KB
Stars: 9
Watchers: 1
Forks: 3
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# What is this
Portable is a sandbox framework targeted for Desktop usage and offers ease of use for packagers. It provides isolation to the filesystem, in addition to blocking non-portal calls, filtering accessibility calls, it also stops unsafe portals from being used like the location portal and screenshot portal. Portable itself is still in development and have already been applied to [Minecraft](https://github.com/Kimiblock/moeOS.config/blob/master/usr/bin/mcLaunch), WeChat and Discord.

**Running untrusted code is never safe, sandboxing does not change this.**

Discuss Development at [#portable-dev:matrix.org](https://matrix.to/#/#portable-dev:matrix.org)

Demo

---

# File installment

## Portable

Install aur/portable-git, aur/portable or install files directly

```
install -Dm755 portable.sh /usr/bin/portable
install -Dm755 open.sh /usr/lib/portable/open
install -Dm755 user-dirs.dirs /usr/lib/portable/user-dirs.dirs
install -Dm755 mimeapps.list /usr/lib/portable/mimeapps.list
install -Dm755 flatpak-info /usr/lib/portable/flatpak-info
install -Dm755 bwrapinfo.json /usr/lib/portable/bwrapinfo.json
```

## Configurations

Preferred location:

```
# Modify before installing
install -Dm755 config /usr/lib/portable/info/appID/config
```

## Runtime

Environment variables are read from `XDG_DATA_HOME/stateDirectory/portable.env`

Start portable with environment variable `_portableConfig`, which is pointed to the actual config. It searches absolute path (if exists), `/usr/lib/portable/info/${_portableConfig}/config` and `$(pwd)/${_portableConfig}` respectively. The legacy `_portalConfig` will work for future releases.

## .desktop requirements

The name of your .desktop file should match the appID, like `top.kimiblock.example.desktop`

Your .desktop file should contain the following entries:

```
X-Flatpak-Tags=aTag;
X-Flatpak=appID;
X-Flatpak-RenamedFrom=previousName.desktop;
```

### Arguments

`--actions f5aaebc6-0014-4d30-beba-72bce57e0650`: Toggle Sandbox, requires user confirmation.

`--actions opendir`: Open the sandbox's home directory.

`--actions share-files`: Choose multiple files to share with the sandbox. The file will be temporarily stored in `XDG_DATA_HOME/stateDirectory/Shared`, which is purged each launch.

`--actions quit`: Stop sandbox and D-Bus proxy. If the app fails to stop after 20s, it'll be killed.

`--actions inspect`: Enters the sandbox.

### Debugging

#### Entering sandbox
Start portable with argument `--actions connect-tty debug-shell`

Optionally enable debugging output using environment variable `PORTABLE_LOGGING=debug`

# Repository mirror
This repository is available @ [Codeberg](https://codeberg.org/Kimiblock/portable) due to AUR packaging for Chinese users.