Rework handling of /run and ${RUNUSER} in blacklist mode

2026-03-25 22:48:39 +01:00
parent 0bd91ffad2
commit 82f84247f1
5 changed files with 115 additions and 3 deletions
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -3,6 +3,7 @@ use std::path::PathBuf;
 #[derive(Debug)]
 pub enum SandboxError {
    HomeNotSet,
+    RunUserNotFound,
    BwrapNotFound,
    CommandNotFound(PathBuf),
    CommandNotExecutable(PathBuf),
@@ -21,6 +22,10 @@ impl std::fmt::Display for SandboxError {
                f,
                "$HOME is not set; cannot determine which paths to protect"
            ),
+            Self::RunUserNotFound => write!(
+                f,
+                "cannot determine XDG_RUNTIME_DIR; tried $XDG_RUNTIME_DIR and /proc/self/status"
+            ),
            Self::BwrapNotFound => write!(
                f,
                "bwrap not found; install bubblewrap (e.g. `apt install bubblewrap` or `pacman -S bubblewrap`)"