feat: enable sandbox as a stable feature

(not all expected features are enabled but it works so let's give it to
people as it is for now)

Author: mirkobrombin

bottles/backend/managers/sandbox.py

@@ -40,8 +40,8 @@ def __init__(
         self.envs = envs
         self.chdir = chdir
         self.clear_env = clear_env
-        self.share_paths_ro = share_paths_ro
-        self.share_paths_rw = share_paths_rw
+        self.share_paths_ro = list(share_paths_ro or [])
+        self.share_paths_rw = list(share_paths_rw or [])
         self.share_net = share_net
         self.share_user = share_user
         self.share_host_ro = share_host_ro
@@ -74,7 +74,7 @@ def __get_bwrap(self, cmd: str):
 
         if self.share_paths_rw:
             _cmd += [
-                f"--bind {shlex.quote(p)} {shlex.quote(p)}" for p in self.share_paths_ro
+                f"--bind {shlex.quote(p)} {shlex.quote(p)}" for p in self.share_paths_rw
             ]
 
         if self.share_sound:
@@ -95,21 +95,21 @@ def __get_bwrap(self, cmd: str):
         return _cmd
 
     def __get_flatpak_spawn(self, cmd: str):
-        _cmd = ["flatpak-spawn"]
+        _cmd = ["flatpak-spawn", "--sandbox"]
 
         if self.envs:
             _cmd += [f"--env={k}={shlex.quote(v)}" for k, v in self.envs.items()]
 
-        if self.share_host_ro:
-            _cmd.append("--sandbox")
-            _cmd.append("--sandbox-expose-path-ro=/")
+        if self.clear_env:
+            _cmd.append("--clear-env")
 
         if self.chdir:
-            _cmd.append(f"--directory={shlex.quote(self.chdir)}")
-            _cmd.append(f"--sandbox-expose-path={shlex.quote(self.chdir)}")
+            quoted_dir = shlex.quote(self.chdir)
+            _cmd.append(f"--directory={quoted_dir}")
+            _cmd.append(f"--sandbox-expose-path={quoted_dir}")
 
-        if self.clear_env:
-            _cmd.append("--clear-env")
+        if self.share_host_ro:
+            _cmd.append("--sandbox-expose-path-ro=/")
 
         if self.share_paths_ro:
             _cmd += [
@@ -122,7 +122,8 @@ def __get_flatpak_spawn(self, cmd: str):
                 f"--sandbox-expose-path={shlex.quote(p)}" for p in self.share_paths_rw
             ]
 
-        if not self.share_net:
+        share_net = self.share_net or self.share_bluetooth
+        if not share_net:
             _cmd.append("--no-network")
 
         if self.share_display:

bottles/backend/wine/winecommand.py

@@ -681,7 +681,7 @@ def _get_sandbox_manager(self) -> SandboxManager:
             envs=self.env,
             chdir=self.cwd,
             share_paths_rw=[ManagerUtils.get_bottle_path(self.config)],
-            share_paths_ro=[Paths.runners, Paths.temp],
+            share_paths_ro=[p for p in [Paths.runners, Paths.temp] if p],
             share_net=self.config.Sandbox.share_net,
             share_sound=self.config.Sandbox.share_sound,
         )

bottles/frontend/ui/details-preferences.blp

@@ -290,7 +290,6 @@ template $DetailsPreferences: Adw.PreferencesPage {
 
     Adw.ActionRow row_sandbox {
       activatable-widget: switch_sandbox;
-      visible: false;
       title: _("Dedicated Sandbox");
       subtitle: _("Use a restricted/managed environment for this bottle.");
 

bottles/frontend/ui/dialog-sandbox.blp

@@ -38,7 +38,9 @@ template $SandboxDialog: Adw.Window {
             valign: center;
           }
         }
+
       }
+
     }
   }
 }

bottles/frontend/ui/preferences.blp

@@ -284,22 +284,4 @@ template $PreferencesWindow: Adw.PreferencesWindow {
     }
   }
 
-  Adw.PreferencesPage {
-    icon-name: "applications-science-symbolic";
-    title: _("Experiments");
-
-    Adw.PreferencesGroup {
-      description: _("These features are under heavy development and may be unstable, expect bugs and breakage.");
-
-      Adw.ActionRow {
-        title: _("Sandbox per bottle");
-        subtitle: _("In early development.");
-        activatable-widget: switch_sandbox;
-
-        Switch switch_sandbox {
-          valign: center;
-        }
-      }
-    }
-  }
 }

bottles/frontend/views/bottle_preferences.py

@@ -998,7 +998,3 @@ def __set_steam_rules(self):
         ]:
             w.set_visible(status)
             w.set_sensitive(status)
-
-        self.row_sandbox.set_visible(
-            self.window.settings.get_boolean("experiments-sandbox")
-        )

bottles/frontend/views/preferences.py

@@ -47,7 +47,6 @@ class PreferencesWindow(Adw.PreferencesWindow):
     switch_temp = Gtk.Template.Child()
     switch_release_candidate = Gtk.Template.Child()
     switch_steam = Gtk.Template.Child()
-    switch_sandbox = Gtk.Template.Child()
     switch_auto_close = Gtk.Template.Child()
     switch_update_date = Gtk.Template.Child()
     switch_steam_programs = Gtk.Template.Child()
@@ -117,12 +116,6 @@ def __init__(self, window, **kwargs):
             "active",
             Gio.SettingsBindFlags.DEFAULT,
         )
-        self.settings.bind(
-            "experiments-sandbox",
-            self.switch_sandbox,
-            "active",
-            Gio.SettingsBindFlags.DEFAULT,
-        )
         self.settings.bind(
             "auto-close-bottles",
             self.switch_auto_close,

data/com.usebottles.bottles.gschema.xml

@@ -76,11 +76,6 @@
       <summary>Steam Proton Support</summary>
       <description>Toggle Steam Proton prefixes support.</description>
     </key>
-    <key type="b" name="experiments-sandbox">
-      <default>false</default>
-      <summary>Experiments:sandbox</summary>
-      <description>Toggle experimental Sandbox per bottle.</description>
-    </key>
     <key type="b" name="auto-close-bottles">
       <default>false</default>
       <summary>Automatically close Bottles</summary>