bubblejail.services - bubblejail instance service configuration.
services.toml
Bubblejail service configuration is defined in the "services.toml" file located at ~/.local/share/bubblejail/instances/<instance_name>/services.toml
"services.toml" is a TOML formatted file.[1] Declaring a table will activate the service and key/values declared in the table will pass the settings to the service.
For example:
[home_share]
home_paths = ["Downloads"]
This activates the home_share service and shares the Downloads folder from the home directory with the sandbox.
Common Settings
Settings that don’t fit in any particular category
Options:
executable_name: str | list[str]
Default arguments to run when no arguments were provided
share_local_time: bool
Deprecated
This option has no effect since version 0.6.0
filter_disk_sync: bool
Do not allow flushing disk. Useful for EA Origin client that tries to flush to disk too often.
dbus_name: str
D-Bus name allowed to acquire and own
X11 windowing system
Gives access to X11 socket. This is generally the default Linux windowing system.
Options:
Wayland windowing system
Make sure you are running a Wayland session and that your application supports Wayland.
Options:
Network access
Gives access to network.
Options:
Pulse Audio
Default audio system in most distros
Options:
Home Share
Share directories or files relative to home
Options:
home_paths: list[str]
Path to share with sandbox
Direct Rendering
Provides access to GPU
Options:
enable_aco: bool
Deprecated
Enables the high-performance Vulkan shader compiler for AMD GPUs. Enabled by default since Mesa 20.02.
System tray icons
Provides access to the D-Bus API for creating tray icons. This is not the only way to create tray icons, but it is the most common one.
Options:
Joysticks and gamepads
Windowing systems (x11 and wayland) do not support gamepads. Every game has to read from device files directly. This service provides access to required
Options:
Root share
Share directories or files relative to root /
Options:
paths: list[str]
Path to share with sandbox
read_only_paths: list[str]
Path to share read-only with sandbox
Java
Enable for applications that require Java. Example: Minecraft
Options:
Notifications
Ability to send notifications to desktop
Options:
GNOME toolkit
Access to GNOME APIs
Options:
gnome_portal: bool
Access to GNOME Portal D-Bus API
dconf_dbus: bool
Access to dconf D-Bus API
gnome_vfs_dbus: bool
Access to GNOME Virtual File System D-Bus API
Pipewire
Pipewire sound and screencapture system
Options:
Video4Linux
Video capture (webcams, etc.)
Options:
IBus input method
Gives access to IBus input method. This is generally the default input method for multilingual input.
Options:
Fcitx/Fcitx5 input method
Gives access to Fcitx/Fcitx5 input method. This is another popular input method framework.
Options:
Slirp4netns networking
Independent networking stack for sandbox. Requires slirp4netns executable.
Options:
dns_servers: list[str]
DNS servers used. Internal DNS server is always used.
outbound_addr: str
Address or device to bind to. If not set, the default address is used.
disable_host_loopback: bool
Prohibit connecting to host’s loopback interface
Limit namespaces
Limit number of namespaces available inside sandbox. Namespace limits are recursive. Setting limit 0 blocks creating new namespaces. Setting -1 unlocks the limit.
Options:
user: int
Limiting user namespaces blocks acquiring new capabilities and privileges inside namespaces.
mount: int
Limits the number of mount namespaces.
pid: int
Limits the number of PID namespaces.
ipc: int
Limits the number of IPC namespaces.
net: int
Limits the number of net namespaces.
time: int
Limits the number of time namespaces.
uts: int
Limits the number of UTS namespaces.
cgroup: int
Limits the number of cgroup namespaces.
bubblejail(1)
1. TOML configuration file format. https://toml.io/