is it possible to use umu inside bwrap

[beh-10257]

basically I use nixos
but thats not really relevant I have this error

and I have no idea how to fix it
basically if someone was able just to run umu in bwrap just send the command

[R1kaB3rN]

Yes, it's possible to use bwrap with umu as long as the sandbox is setup properly and the IPC namespace is shared. And I'm guessing you ran into the KeyError because your custom script runs umu under bwrap and is creating new namespaces? I don't know what's in your script, but I think unsharing the user namespace and setting the --uid option may be related to the KeyError as I expect that error to not happen under normal circumstances.

[R1kaB3rN]

Also, I had thoughts to implement creating custom bwrap containers in the next release to allow modifying the filesystem (e.g., not exposing the entire home directory). However, this use case would be very niche and it would be in the configuration file usage. For example:

[umu]
game_id = 'flowers'
exe = '/home/foo/Games/umu/flowers/drive_c/GOG Games/Flowers - Le Volume Sur Printemps/FLOWERS.exe'
prefix = '/home/foo/Games/umu/flowers'
proton = '/home/foo/.local/share/Steam/compatibilitytools.d/GE-Proton9-7'
sandbox = true # Unshares the home directory and only exposes what's necessary

[[bwrap.bind]] # Mounts the winetricks cache to the sandbox
src = "/home/foo/.cache/winetricks"
dest = "/home/foo/.cache/winetricks"

[R1kaB3rN]

By the way, since it seems you use bwrap, umu sources it's own copy of bwrap so you actually don't need to install the bwrap package. You can find it in $HOME/.local/share/umu/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap

[beh-10257]

Yes, it's possible to use bwrap with umu as long as the sandbox is setup properly and the IPC namespace is shared. And I'm guessing you ran into the KeyError because your custom script runs umu under bwrap and is creating new namespaces? I don't know what's in your script, but I think unsharing the user namespace and setting the --uid option may be related to the KeyError as I expect that error to not happen under normal circumstances.

can you give me a script with this actually working
this is mine

export VKBASALT_CONFIG_FILE=/home/behe/Games/Genshin-Impact/vkBasalt.conf
export ENABLE_VKBASALT=0
export DXVK_CONFIG_FILE=/home/behe/Games/Genshin-Impact/dxvk.conf
export WINEPREFIX=/home/behe/Games/HOLLOW-KNIGHT
export GAMEID=0
export MANGOAPP_CONFIGFILE=~/.config/MangoHud/MangoHud.conf
export MANGOHUD=0
bwrap \
--die-with-parent \
--dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /nix /nix \
--ro-bind $XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--ro-bind /home/behe/.config/MangoHud/MangoHud.conf /home/behe/.config/MangoHud/MangoHud.conf \
--ro-bind /home/behe/Games/Shaders /home/behe/Games/Shaders \
--ro-bind /etc/fonts /etc/fonts \
--ro-bind /lib64 /lib64 \
--ro-bind /lib /lib \
--ro-bind /etc/localtime /etc/localtime \
--ro-bind /etc/host.conf /etc/host.conf \
--ro-bind /etc/zoneinfo /etc/zoneinfo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/profiles/per-user/behe /etc/profiles/per-user/behe \
--ro-bind /etc/static/profiles/per-user/behe /etc/static/profiles/per-user/behe \
--ro-bind $XDG_DATA_HOME/icons $XDG_DATA_HOME/icons \
--ro-bind $XDG_DATA_HOME/themes $XDG_DATA_HOME/themes \
--ro-bind $HOME/.config/gtk-4.0 $HOME/.config/gtk-4.0 \
--ro-bind $HOME/.config/gtk-3.0 $HOME/.config/gtk-3.0 \
--ro-bind /run/current-system/sw/bin /run/current-system/sw/bin \
--ro-bind /run/current-system/sw/share/vulkan/implicit_layer.d /run/current-system/sw/share/vulkan/implicit_layer.d \
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00 \
--ro-bind /sys/dev/char /sys/dev/char \
--ro-bind /run/opengl-driver /run/opengl-driver \
--ro-bind /run/opengl-driver-32 /run/opengl-driver-32 \
--ro-bind $HOME/.Xresources $HOME/.Xresources \
--perms 0700 \
--dir /tmp/.wine-1000 \
--bind $WINEPREFIX $WINEPREFIX \
--bind $HOME/.cache/mesa_shader_cache $HOME/.cache/mesa_shader_cache \
--bind $HOME/.cache/python $HOME/.cache/python \
--bind $HOME/.local/share/umu/ $HOME/.local/share/umu/ \
--bind $HOME/.local/share/Steam/compatibilitytools.d $HOME/.local/share/Steam/compatibilitytools.d \
--dev-bind /dev/dri /dev/dri \
--dev-bind /dev/input /dev/input \
--setenv XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--setenv DISPLAY $DISPLAY \
--setenv WINEPREFIX $WINEPREFIX \
--setenv PATH $PATH \
--setenv GAMEID $GAMEID \
--setenv HOME $HOME \
--setenv MANGOHUD $MANGOHUD \
--setenv VKBASALT_CONFIG_FILE $VKBASALT_CONFIG_FILE \
--setenv ENABLE_VKBASALT $ENABLE_VKBASALT \
--setenv DXVK_CONFIG_FILE $DXVK_CONFIG_FILE \
-- \
umu $WINEPREFIX/drive_c/Hollow_Knight/hollow_knight.exe

[beh-10257]

Also, I had thoughts to implement creating custom bwrap containers in the next release to allow modifying the filesystem (e.g., not exposing the entire home directory). However, this use case would be very niche and it would be in the configuration file usage. For example:

[umu]
game_id = 'flowers'
exe = '/home/foo/Games/umu/flowers/drive_c/GOG Games/Flowers - Le Volume Sur Printemps/FLOWERS.exe'
prefix = '/home/foo/Games/umu/flowers'
proton = '/home/foo/.local/share/Steam/compatibilitytools.d/GE-Proton9-7'
sandbox = true # Unshares the home directory and only exposes what's necessary
[[bwrap.bind]] # Mounts the winetricks cache to the sandbox
src = "/home/foo/.cache/winetricks"
dest = "/home/foo/.cache/winetricks"

this would be epic to be honest just removing access from my home directory is what I use bwrap for in the first place

[R1kaB3rN]

Yes, it's possible to use bwrap with umu as long as the sandbox is setup properly and the IPC namespace is shared. And I'm guessing you ran into the KeyError because your custom script runs umu under bwrap and is creating new namespaces? I don't know what's in your script, but I think unsharing the user namespace and setting the --uid option may be related to the KeyError as I expect that error to not happen under normal circumstances.

can you give me a script with this actually working this is mine

export VKBASALT_CONFIG_FILE=/home/behe/Games/Genshin-Impact/vkBasalt.conf
export ENABLE_VKBASALT=0
export DXVK_CONFIG_FILE=/home/behe/Games/Genshin-Impact/dxvk.conf
export WINEPREFIX=/home/behe/Games/HOLLOW-KNIGHT
export GAMEID=0
export MANGOAPP_CONFIGFILE=~/.config/MangoHud/MangoHud.conf
export MANGOHUD=0
bwrap \
--die-with-parent \
--dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /nix /nix \
--ro-bind $XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--ro-bind /home/behe/.config/MangoHud/MangoHud.conf /home/behe/.config/MangoHud/MangoHud.conf \
--ro-bind /home/behe/Games/Shaders /home/behe/Games/Shaders \
--ro-bind /etc/fonts /etc/fonts \
--ro-bind /lib64 /lib64 \
--ro-bind /lib /lib \
--ro-bind /etc/localtime /etc/localtime \
--ro-bind /etc/host.conf /etc/host.conf \
--ro-bind /etc/zoneinfo /etc/zoneinfo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/profiles/per-user/behe /etc/profiles/per-user/behe \
--ro-bind /etc/static/profiles/per-user/behe /etc/static/profiles/per-user/behe \
--ro-bind $XDG_DATA_HOME/icons $XDG_DATA_HOME/icons \
--ro-bind $XDG_DATA_HOME/themes $XDG_DATA_HOME/themes \
--ro-bind $HOME/.config/gtk-4.0 $HOME/.config/gtk-4.0 \
--ro-bind $HOME/.config/gtk-3.0 $HOME/.config/gtk-3.0 \
--ro-bind /run/current-system/sw/bin /run/current-system/sw/bin \
--ro-bind /run/current-system/sw/share/vulkan/implicit_layer.d /run/current-system/sw/share/vulkan/implicit_layer.d \
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00 \
--ro-bind /sys/dev/char /sys/dev/char \
--ro-bind /run/opengl-driver /run/opengl-driver \
--ro-bind /run/opengl-driver-32 /run/opengl-driver-32 \
--ro-bind $HOME/.Xresources $HOME/.Xresources \
--perms 0700 \
--dir /tmp/.wine-1000 \
--bind $WINEPREFIX $WINEPREFIX \
--bind $HOME/.cache/mesa_shader_cache $HOME/.cache/mesa_shader_cache \
--bind $HOME/.cache/python $HOME/.cache/python \
--bind $HOME/.local/share/umu/ $HOME/.local/share/umu/ \
--bind $HOME/.local/share/Steam/compatibilitytools.d $HOME/.local/share/Steam/compatibilitytools.d \
--dev-bind /dev/dri /dev/dri \
--dev-bind /dev/input /dev/input \
--setenv XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--setenv DISPLAY $DISPLAY \
--setenv WINEPREFIX $WINEPREFIX \
--setenv PATH $PATH \
--setenv GAMEID $GAMEID \
--setenv HOME $HOME \
--setenv MANGOHUD $MANGOHUD \
--setenv VKBASALT_CONFIG_FILE $VKBASALT_CONFIG_FILE \
--setenv ENABLE_VKBASALT $ENABLE_VKBASALT \
--setenv DXVK_CONFIG_FILE $DXVK_CONFIG_FILE \
-- \
umu $WINEPREFIX/drive_c/Hollow_Knight/hollow_knight.exe

Do you mind bind /etc/passwd to the sandbox then rerunning the command? The password database module requires this file to be accessible.

[beh-10257]

ok that removed that issue now another issue popped up

also for what its worth if I get this working I'll obviously put the script here just so other people can use it as well

[beh-10257]

@R1kaB3rN ok I made it work
heres the final script

export VKBASALT_CONFIG_FILE=/home/behe/Games/Genshin-Impact/vkBasalt.conf
export ENABLE_VKBASALT=0
export DXVK_CONFIG_FILE=/home/behe/Games/Genshin-Impact/dxvk.conf
export WINEPREFIX=/home/behe/Games/HOLLOW-KNIGHT
export GAMEID=0
export MANGOAPP_CONFIGFILE=~/.config/MangoHud/MangoHud.conf
export MANGOHUD=0
bwrap \
--die-with-parent \
--dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /nix /nix \
--ro-bind $XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--ro-bind /home/behe/.config/MangoHud/MangoHud.conf /home/behe/.config/MangoHud/MangoHud.conf \
--ro-bind /home/behe/Games/Shaders /home/behe/Games/Shaders \
--ro-bind /etc/fonts /etc/fonts \
--ro-bind /lib64 /lib64 \
--ro-bind /lib /lib \
--ro-bind /etc/localtime /etc/localtime \
--ro-bind /etc/host.conf /etc/host.conf \
--ro-bind /etc/zoneinfo /etc/zoneinfo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/profiles/per-user/behe /etc/profiles/per-user/behe \
--ro-bind /etc/static/profiles/per-user/behe /etc/static/profiles/per-user/behe \
--ro-bind $XDG_DATA_HOME/icons $XDG_DATA_HOME/icons \
--ro-bind $XDG_DATA_HOME/themes $XDG_DATA_HOME/themes \
--ro-bind $HOME/.config/gtk-4.0 $HOME/.config/gtk-4.0 \
--ro-bind $HOME/.config/gtk-3.0 $HOME/.config/gtk-3.0 \
--ro-bind /run/current-system/sw/bin /run/current-system/sw/bin \
--ro-bind /run/current-system/sw/share/vulkan/implicit_layer.d /run/current-system/sw/share/vulkan/implicit_layer.d \
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00 \
--ro-bind /sys/dev/char /sys/dev/char \
--ro-bind /run/opengl-driver /run/opengl-driver \
--ro-bind /run/opengl-driver-32 /run/opengl-driver-32 \
--ro-bind $HOME/.Xresources $HOME/.Xresources \
--ro-bind /etc/passwd /etc/passwd \
--ro-bind /etc/ssl /etc/ssl \
--ro-bind /etc/static /etc/static \
--perms 0700 \
--dir /tmp/.wine-1000 \
--bind $WINEPREFIX $WINEPREFIX \
--bind $HOME/.cache/mesa_shader_cache $HOME/.cache/mesa_shader_cache \
--bind $HOME/.cache/python $HOME/.cache/python \
--bind $HOME/.local/share/umu/ $HOME/.local/share/umu/ \
--bind $HOME/.local/share/Steam/compatibilitytools.d $HOME/.local/share/Steam/compatibilitytools.d \
--dev-bind /dev/dri /dev/dri \
--dev-bind /dev/input /dev/input \
--setenv XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--setenv DISPLAY $DISPLAY \
--setenv WINEPREFIX $WINEPREFIX \
--setenv PATH $PATH \
--setenv GAMEID $GAMEID \
--setenv HOME $HOME \
--setenv MANGOHUD $MANGOHUD \
--setenv VKBASALT_CONFIG_FILE $VKBASALT_CONFIG_FILE \
--setenv ENABLE_VKBASALT $ENABLE_VKBASALT \
--setenv DXVK_CONFIG_FILE $DXVK_CONFIG_FILE \
-- \
umu $WINEPREFIX/drive_c/Hollow_Knight/hollow_knight.exe
#umu explorer

[beh-10257]

@R1kaB3rN actually I can unshare everything except --unshare-net

even when doing umu explorer
I guess this is an umu issue
like why does it require internet connection ??

heres the video of the problem:
https://github.com/Open-Wine-Components/umu-launcher/assets/77834479/f33afca7-37ed-41c1-b096-e1295b20df38

heres the script:

export VKBASALT_CONFIG_FILE=/home/behe/Games/Genshin-Impact/vkBasalt.conf
export ENABLE_VKBASALT=0
export DXVK_CONFIG_FILE=/home/behe/Games/Genshin-Impact/dxvk.conf
export WINEPREFIX=/home/behe/Games/HOLLOW-KNIGHT
export GAMEID=0
export MANGOAPP_CONFIGFILE=~/.config/MangoHud/MangoHud.conf
export MANGOHUD=0
export PROTONPATH=GE-Proton
bwrap \
--unshare-cgroup \
--unshare-uts \
--unshare-pid \
--unshare-ipc \
--unshare-user \
--die-with-parent \
--dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /nix /nix \
--ro-bind $XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--ro-bind /home/behe/.config/MangoHud/MangoHud.conf /home/behe/.config/MangoHud/MangoHud.conf \
--ro-bind /home/behe/Games/Shaders /home/behe/Games/Shaders \
--ro-bind /etc/fonts /etc/fonts \
--ro-bind /lib64 /lib64 \
--ro-bind /lib /lib \
--ro-bind /etc/localtime /etc/localtime \
--ro-bind /etc/host.conf /etc/host.conf \
--ro-bind /etc/zoneinfo /etc/zoneinfo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/profiles/per-user/behe /etc/profiles/per-user/behe \
--ro-bind /etc/static/profiles/per-user/behe /etc/static/profiles/per-user/behe \
--ro-bind $XDG_DATA_HOME/icons $XDG_DATA_HOME/icons \
--ro-bind $XDG_DATA_HOME/themes $XDG_DATA_HOME/themes \
--ro-bind $HOME/.config/gtk-4.0 $HOME/.config/gtk-4.0 \
--ro-bind $HOME/.config/gtk-3.0 $HOME/.config/gtk-3.0 \
--ro-bind /run/current-system/sw/bin /run/current-system/sw/bin \
--ro-bind /run/current-system/sw/share/vulkan/implicit_layer.d /run/current-system/sw/share/vulkan/implicit_layer.d \
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00 \
--ro-bind /sys/dev/char /sys/dev/char \
--ro-bind /run/opengl-driver /run/opengl-driver \
--ro-bind /run/opengl-driver-32 /run/opengl-driver-32 \
--ro-bind $HOME/.Xresources $HOME/.Xresources \
--ro-bind /etc/passwd /etc/passwd \
--ro-bind /etc/ssl /etc/ssl \
--ro-bind /etc/machine-id /etc/machine-id \
--ro-bind /etc/static /etc/static \
--ro-bind $DXVK_CONFIG_FILE $DXVK_CONFIG_FILE \
--perms 0700 \
--dir /tmp/.wine-1000 \
--bind $WINEPREFIX $WINEPREFIX \
--bind $HOME/.cache/mesa_shader_cache $HOME/.cache/mesa_shader_cache \
--bind $HOME/.cache/python $HOME/.cache/python \
--bind $HOME/.local/share/umu/ $HOME/.local/share/umu/ \
--bind $HOME/.local/share/Steam/compatibilitytools.d $HOME/.local/share/Steam/compatibilitytools.d \
--dev-bind /dev/dri /dev/dri \
--dev-bind /dev/input /dev/input \
--setenv XDG_RUNTIME_DIR $XDG_RUNTIME_DIR \
--setenv DISPLAY $DISPLAY \
--setenv WINEPREFIX $WINEPREFIX \
--setenv PATH $PATH \
--setenv GAMEID $GAMEID \
--setenv HOME $HOME \
--setenv MANGOHUD $MANGOHUD \
--setenv VKBASALT_CONFIG_FILE $VKBASALT_CONFIG_FILE \
--setenv ENABLE_VKBASALT $ENABLE_VKBASALT \
--setenv DXVK_CONFIG_FILE $DXVK_CONFIG_FILE \
-- \
umu explorer

[R1kaB3rN]

Even after watching the video, I don't have enough information to determine the problem and you'll need to at least upload a wine traceback because, certainly, something occurs when control is given to wine.

Though I don't know how wine explorer works, I do know that using --unshare-net should pose no problem as long as the sandbox is set correctly and the executable doesn't require internet to fully function because I've been using that option for a while.

[cryptonaus]

Also, I had thoughts to implement creating custom bwrap containers in the next release to allow modifying the filesystem (e.g., not exposing the entire home directory). However, this use case would be very niche and it would be in the configuration file usage...

This would be appreciated. When I heard about umu launcher, I was concerned about layered containerization—specifically for the use case expressed in this issue. You call this a "very niche" use case, but I don't think it has to be that way: combined with structured data about game directories (that anyone can contribute and everyone can share) and store information, almost everyone could benefit from this setup. I currently use bubblewrap to make backing up game saves trivial and simultaneously support multiple couch users, providing a console-like experience. Switching users re-uses the same installation (and shader caches, etc.), but bubblewrap just binds different save paths.

[umu]
game_id = 'flowers'
exe = '/home/foo/Games/umu/flowers/drive_c/GOG Games/Flowers - Le Volume Sur Printemps/FLOWERS.exe'
prefix = '/home/foo/Games/umu/flowers'
proton = '/home/foo/.local/share/Steam/compatibilitytools.d/GE-Proton9-7'
sandbox = true # Unshares the home directory and only exposes what's necessary

[directories] # Mount the directories as subdirectories of the below
config = "/home/foo/.config/umu/flowers"
cache = "/home/foo/.cache/umu/flowers""
saves = "/home/foo/Documents/saves/flowers" # Maybe read an env variable or replace with launcher to specify a different path

Just food for thought.

[layercak3]

You need to ro-bind /tmp/.X11-unix/X0 to access the X server without using an abstract socket which is unavailable when you unshare the network namespace. Note how the log said "x11 socket doesn't exist in filesystem so attempting abstract socket". Alternatively, you could use gamescope or rootful Xwayland instead and just share a wayland socket. Generally umu can run without networking but it needs to go online to download Proton/steamrt and the protonfixes module needs networking to contact umu database. I decided to begin writing my own private proton tools similar to umu but with slightly different design. I just run normal bwrap on top of pressure-vessel.