RedBear-OS/config/x86_64/desktop-contain.toml

# Desktop configuration using the Contain sandbox

include = ["../desktop.toml"]

# Override the default settings here

# General settings
[general]
# Filesystem size in MiB
# filesystem_size = 1024

# Package settings
[packages]
# example = {}

# Override orbital init to use contain_orblogin
[[files]]
path = "/usr/lib/init.d/20_orbital.service"
data = """
[unit]
description = "Orbital display (contain sandbox)"
requires_weak = ["00_base.target"]

[service]
cmd = "orbital"
args = ["contain_orblogin", "launcher"]
envs = { VT = "3" }
type = "oneshot_async"
"""

# Override console init to use contain
[[files]]
path = "/usr/lib/init.d/30_console.service"
data = """
[unit]
description = "Console terminals (contained)"
requires_weak = ["20_orbital.service"]

[service]
cmd = "getty"
args = ["--contain", "2"]
type = "oneshot_async"
respawn = true
"""

[[files]]
path = "/usr/lib/init.d/31_debug_console.service"
data = """
[unit]
description = "Debug console (contained)"
requires_weak = ["30_console.service"]

[service]
cmd = "getty"
args = ["--contain", "/scheme/debug/no-preserve", "-J"]
type = "oneshot_async"
respawn = true
"""

[[files]]
path = "/etc/contain.toml"
data = """
pass_schemes = ["rand", "null", "tcp", "udp", "thisproc", "pty", "orbital", "display.vesa"]
sandbox_schemes = ["file"]
files = ["file:/dev/null"]
rofiles = ["file:/etc/passwd", "file:/etc/hostname", "file:/etc/localtime"]
dirs = ["file:/tmp"]
rodirs = ["file:/bin", "file:/ui"]
"""