add SandboxOptions to the Lauch event

leafo · leafo · commit e7769897b14a · 2026-02-17T13:44:21.000-08:00
diff --git a/butlerd/generous/docs/README.md b/butlerd/generous/docs/README.md
@@ -5970,6 +5970,12 @@ cave identifier.</p>
 <td><p><span class="tag">Optional</span> Enable sandbox (regardless of manifest opt-in)</p>
 </td>
 </tr>
+<tr>
+<td><code>sandboxOptions</code></td>
+<td><code class="typename"><span class="type" data-tip-selector="#SandboxOptions__TypeHint">SandboxOptions</span></code></td>
+<td><p><span class="tag">Optional</span> Sandbox configuration options. Only applied when sandbox is enabled.</p>
+</td>
+</tr>
 </table>
 
 
@@ -6004,6 +6010,10 @@ cave identifier.</p>
 <td><code>sandbox</code></td>
 <td><code class="typename"><span class="type builtin-type">boolean</span></code></td>
 </tr>
+<tr>
+<td><code>sandboxOptions</code></td>
+<td><code class="typename"><span class="type">SandboxOptions</span></code></td>
+</tr>
 </table>
 
 </div>
@@ -9027,6 +9037,123 @@ performed whenever <code class="typename"><span class="type">Downloads.Drive</sp
 
 </div>
 
+### SandboxType (enum)
+
+
+
+<p>
+<span class="header">Values</span> 
+</p>
+
+
+<table class="field-table">
+<tr>
+<td><code>""</code></td>
+<td></td>
+</tr>
+<tr>
+<td><code>"bubblewrap"</code></td>
+<td></td>
+</tr>
+<tr>
+<td><code>"firejail"</code></td>
+<td></td>
+</tr>
+<tr>
+<td><code>"flatpak"</code></td>
+<td></td>
+</tr>
+<tr>
+<td><code>"fuji"</code></td>
+<td></td>
+</tr>
+</table>
+
+
+<div id="SandboxType__TypeHint" class="tip-content">
+<p>SandboxType (enum) <a href="#/?id=sandboxtype-enum">(Go to definition)</a></p>
+
+
+<table class="field-table">
+<tr>
+<td><code>""</code></td>
+</tr>
+<tr>
+<td><code>"bubblewrap"</code></td>
+</tr>
+<tr>
+<td><code>"firejail"</code></td>
+</tr>
+<tr>
+<td><code>"flatpak"</code></td>
+</tr>
+<tr>
+<td><code>"fuji"</code></td>
+</tr>
+</table>
+
+</div>
+
+### SandboxOptions (struct)
+
+
+<p>
+<p>Options for controlling sandbox behavior.</p>
+
+</p>
+
+<p>
+<span class="header">Fields</span> 
+</p>
+
+
+<table class="field-table">
+<tr>
+<td><code>type</code></td>
+<td><code class="typename"><span class="type" data-tip-selector="#SandboxType__TypeHint">SandboxType</span></code></td>
+<td><p><span class="tag">Optional</span> Which sandbox runner to use. Empty string means auto-detect.</p>
+</td>
+</tr>
+<tr>
+<td><code>noNetwork</code></td>
+<td><code class="typename"><span class="type builtin-type">boolean</span></code></td>
+<td><p><span class="tag">Optional</span> (Linux Only) If true, disable network access within the sandbox.</p>
+</td>
+</tr>
+<tr>
+<td><code>allowEnv</code></td>
+<td><code class="typename"><span class="type builtin-type">string</span>[]</code></td>
+<td><p><span class="tag">Optional</span> (Linux Only) List of environment variable names to allow through from the host into the sandbox.</p>
+</td>
+</tr>
+</table>
+
+
+<div id="SandboxOptions__TypeHint" class="tip-content">
+<p>SandboxOptions (struct) <a href="#/?id=sandboxoptions-struct">(Go to definition)</a></p>
+
+<p>
+<p>Options for controlling sandbox behavior.</p>
+
+</p>
+
+<table class="field-table">
+<tr>
+<td><code>type</code></td>
+<td><code class="typename"><span class="type">SandboxType</span></code></td>
+</tr>
+<tr>
+<td><code>noNetwork</code></td>
+<td><code class="typename"><span class="type builtin-type">boolean</span></code></td>
+</tr>
+<tr>
+<td><code>allowEnv</code></td>
+<td><code class="typename"><span class="type builtin-type">string</span>[]</code></td>
+</tr>
+</table>
+
+</div>
+
 ### Log (notification)
 
 
diff --git a/butlerd/generous/spec/butlerd.json b/butlerd/generous/spec/butlerd.json
@@ -1915,6 +1915,11 @@
             "name": "sandbox",
             "doc": "Enable sandbox (regardless of manifest opt-in)",
             "type": "boolean"
+          },
+          {
+            "name": "sandboxOptions",
+            "doc": "Sandbox configuration options. Only applied when sandbox is enabled.",
+            "type": "SandboxOptions"
           }
         ]
       },
@@ -3050,6 +3055,27 @@
         }
       ]
     },
+    {
+      "name": "SandboxOptions",
+      "doc": "Options for controlling sandbox behavior.",
+      "fields": [
+        {
+          "name": "type",
+          "doc": "Which sandbox runner to use. Empty string means auto-detect.",
+          "type": "SandboxType"
+        },
+        {
+          "name": "noNetwork",
+          "doc": "(Linux Only) If true, disable network access within the sandbox.",
+          "type": "boolean"
+        },
+        {
+          "name": "allowEnv",
+          "doc": "(Linux Only) List of environment variable names to allow through from the host into the sandbox.",
+          "type": "string[]"
+        }
+      ]
+    },
     {
       "name": "Host",
       "doc": "",
@@ -4329,6 +4355,37 @@
         }
       ]
     },
+    {
+      "name": "SandboxType",
+      "doc": "",
+      "values": [
+        {
+          "name": "Auto",
+          "doc": "",
+          "value": ""
+        },
+        {
+          "name": "Bubblewrap",
+          "doc": "",
+          "value": "bubblewrap"
+        },
+        {
+          "name": "Firejail",
+          "doc": "",
+          "value": "firejail"
+        },
+        {
+          "name": "Flatpak",
+          "doc": "",
+          "value": "flatpak"
+        },
+        {
+          "name": "Fuji",
+          "doc": "",
+          "value": "fuji"
+        }
+      ]
+    },
     {
       "name": "LogLevel",
       "doc": "",
diff --git a/butlerd/types.go b/butlerd/types.go
@@ -2350,6 +2350,35 @@ type LaunchParams struct {
 	// Enable sandbox (regardless of manifest opt-in)
 	// @optional
 	Sandbox bool `json:"sandbox,omitempty"`
+
+	// Sandbox configuration options. Only applied when sandbox is enabled.
+	// @optional
+	SandboxOptions *SandboxOptions `json:"sandboxOptions,omitempty"`
+}
+
+type SandboxType string
+
+const (
+	SandboxTypeAuto       SandboxType = ""
+	SandboxTypeBubblewrap SandboxType = "bubblewrap"
+	SandboxTypeFirejail   SandboxType = "firejail"
+	SandboxTypeFlatpak    SandboxType = "flatpak"
+	SandboxTypeFuji       SandboxType = "fuji"
+)
+
+// Options for controlling sandbox behavior.
+type SandboxOptions struct {
+	// Which sandbox runner to use. Empty string means auto-detect.
+	// @optional
+	Type SandboxType `json:"type,omitempty"`
+
+	// (Linux Only) If true, disable network access within the sandbox.
+	// @optional
+	NoNetwork bool `json:"noNetwork,omitempty"`
+
+	// (Linux Only) List of environment variable names to allow through from the host into the sandbox.
+	// @optional
+	AllowEnv []string `json:"allowEnv,omitempty"`
 }
 
 func (p LaunchParams) Validate() error {
diff --git a/endpoints/launch/launch.go b/endpoints/launch/launch.go
@@ -253,6 +253,7 @@ func Launch(rc *butlerd.RequestContext, params butlerd.LaunchParams) (*butlerd.L
 			AppManifest:      targetRes.appManifest,
 			Action:           target.Action,
 			Sandbox:          sandbox,
+			SandboxOptions:   params.SandboxOptions,
 			WorkingDirectory: workingDirectory,
 			Args:             args,
 			Env:              env,
diff --git a/endpoints/launch/launchers/native/native.go b/endpoints/launch/launchers/native/native.go
@@ -190,12 +190,22 @@ func (l *Launcher) Do(params launch.LauncherParams) error {
 		consumer.Infof("Console launch requested")
 	}
 
+	var sandboxConfig runner.SandboxConfig
+	if params.SandboxOptions != nil {
+		sandboxConfig = runner.SandboxConfig{
+			Type:      runner.SandboxType(string(params.SandboxOptions.Type)),
+			NoNetwork: params.SandboxOptions.NoNetwork,
+			AllowEnv:  params.SandboxOptions.AllowEnv,
+		}
+	}
+
 	runParams := runner.RunnerParams{
 		Consumer: consumer,
 		Ctx:      params.Ctx,
 
-		Sandbox: params.Sandbox,
-		Console: console,
+		Sandbox:       params.Sandbox,
+		SandboxConfig: sandboxConfig,
+		Console:       console,
 
 		FullTargetPath: fullTargetPath,
 
diff --git a/endpoints/launch/types.go b/endpoints/launch/types.go
@@ -44,6 +44,9 @@ type LauncherParams struct {
 	// If true, enable sandbox
 	Sandbox bool
 
+	// Sandbox configuration options (may be nil)
+	SandboxOptions *butlerd.SandboxOptions
+
 	// Additional command-line arguments
 	Args []string
 
diff --git a/go.mod b/go.mod
@@ -32,7 +32,7 @@ require (
 	github.com/itchio/pelican v0.0.0-20200626221820-739b3d7708d2
 	github.com/itchio/savior v0.0.0-20260128212141-556ab9757054
 	github.com/itchio/screw v0.0.0-20200301160148-75fc2d65fb38
-	github.com/itchio/smaug v0.0.0-20260216213017-90029cd51343
+	github.com/itchio/smaug v0.0.0-20260217205404-17f32f5b4643
 	github.com/itchio/spellbook v0.0.0-20200301161431-a4bdbea6b725
 	github.com/itchio/wharf v0.0.0-20260121214545-5e5efc838cdb
 	github.com/itchio/wizardry v0.0.0-20200301161332-e8c8c4a5a488
diff --git a/go.sum b/go.sum
@@ -178,10 +178,8 @@ github.com/itchio/screw v0.0.0-20200301160148-75fc2d65fb38 h1:Mn30eeqfaJDXRxiQzH
 github.com/itchio/screw v0.0.0-20200301160148-75fc2d65fb38/go.mod h1:niqRh/zemDC1HOJiMwUHIsmbgw4t3NTAogGD53Uleqs=
 github.com/itchio/sevenzip-go v0.0.0-20260201233743-2dbe441fd43c h1:Mo6j+q53lWHsX+39KWfYudUX2fv8O0Rg1XnQBRX1aOU=
 github.com/itchio/sevenzip-go v0.0.0-20260201233743-2dbe441fd43c/go.mod h1:j77mJOxTb3sD0+h/c7nqwth7Y7DcI8TyBhxUI2ZEs0o=
-github.com/itchio/smaug v0.0.0-20260212201406-1bd5f3fc1c90 h1:dsoZB0unSz/hWHE01megcNC6wzrruPr7U6vuoZ+G1rU=
-github.com/itchio/smaug v0.0.0-20260212201406-1bd5f3fc1c90/go.mod h1:cvvHbM3mtzDynJyUcb8mwpinK14Sy691ch1CV1D8jjE=
-github.com/itchio/smaug v0.0.0-20260216213017-90029cd51343 h1:5sozkSGt5lvtUSKgho9jUxV7mZyEKlRNvSoqge6XlDY=
-github.com/itchio/smaug v0.0.0-20260216213017-90029cd51343/go.mod h1:cvvHbM3mtzDynJyUcb8mwpinK14Sy691ch1CV1D8jjE=
+github.com/itchio/smaug v0.0.0-20260217205404-17f32f5b4643 h1:kysKu9JibfQPkv1bI9t/5FKscEEckU7vGd9ukxlOhBw=
+github.com/itchio/smaug v0.0.0-20260217205404-17f32f5b4643/go.mod h1:cvvHbM3mtzDynJyUcb8mwpinK14Sy691ch1CV1D8jjE=
 github.com/itchio/spellbook v0.0.0-20200301161431-a4bdbea6b725 h1:zD1SEqqiqaCgJnSauy1+LBq1tDrXFGymk09v90Wr0bA=
 github.com/itchio/spellbook v0.0.0-20200301161431-a4bdbea6b725/go.mod h1:rrZhjXwnFHxTTvfrzI0aeIQDCGqlbGFu7SXam+QcJ94=
 github.com/itchio/wharf v0.0.0-20200305150844-3ed0814c4e98/go.mod h1:ZTnhOpjGKeKcysGbew3pIIQWgjHIFSHRGznCORTiA6w=
