search

containers / bubblewrap

Low-level unprivileged sandboxing tool used by Flatpak and similar projects
Other
3.99k stars 239 forks source link

Ask help to find in my command what cause increased CPU usage #524

Closed ghost closed 2 years ago

ghost commented 2 years ago

i actually started recently to mess with renpy to create minigame, and i do wand to sandbox it, i'm using the settings after : There is two problem first it's blurry (when it's not with another sandbox tool (who start with fire and finish with jail), as you see i forbid the usage of X11 (since i do use a wayland only device). But when i do use renpy (on renpy.org) game to see how it work, the CPU and GPU strike like i was trying to run a AAA game at max, what don't happen with the exact same app on firejail.

If anyone have an idea of what i can change to reduce this CPU/GPU (integrated) Charge

bwrap --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin --symlink usr/bin /sbin --ro-bind /usr/lib /usr/lib --ro-bind /usr/lib64 /usr/lib64 --ro-bind /usr/bin /usr/bin --ro-bind /usr/share/applications /usr/share/applications --ro-bind /usr/share/gtk-3.0 /usr/share/gtk-3.0 --ro-bind /usr/share/gtk-4.0 /usr/share/gtk-4.0 --ro-bind /usr/share/fontconfig /usr/share/fontconfig --ro-bind /usr/share/drirc.d /usr/share/drirc.d --ro-bind /usr/share/fonts /usr/share/fonts --ro-bind /usr/share/glib-2.0 /usr/share/glib-2.0 --ro-bind /usr/share/glvnd /usr/share/glvnd --ro-bind /usr/share/icons /usr/share/icons --ro-bind /usr/share/libdrm /usr/share/libdrm --ro-bind /usr/share/mime /usr/share/mime --ro-bind /usr/share/icons /usr/share/icons --ro-bind /usr/share/mime /usr/share/mime --ro-bind /etc/fonts /etc/fonts --ro-bind /usr/share/X11/xkb /usr/share/X11/xkb --dir /run/user/"$(id -u)" --ro-bind /run/user/"$(id -u)"/pulse /run/user/"$(id -u)"/pulse --ro-bind "/run/user/$(id -u)/pipewire-0" "/run/user/$(id -u)/pipewire-0" --ro-bind /run/user/"$(id -u)"/wayland-0 /run/user/"$(id -u)"/wayland-0 --dev /dev --dev-bind /dev/dri /dev/dri --ro-bind /sys/dev/char /sys/dev/char --proc /proc --dir /tmp --bind /home/USERNAME/APP /home/USERNAME/APP --bind /opt/APP /opt/APP --setenv HOME /home/USERNAME --setenv PATH /usr/bin --hostname RESTRICTED --unshare-all --die-with-parent --new-session /opt/APP

smcv commented 2 years ago

Sorry, the maintainers of bwrap already don't have as much time as we would like to maintain bwrap, and we are not in a position to help you to debug other programs.