使用 bwrap 隔离 WPS Office

看到依云在 博客 中提到了非特权沙盒工具 bwrap。博客的结尾提到可以用它来跑一些不太干净的软件，便来配置一下 WPS Office。

WPS 目前（AUR 版本 11.1.0.10702-1）还有使用反斜杠作为文件路径分隔符的问题，不过没有影响到外部的观感，只是在 ~/.local/share/Kingsoft 内部。但是它每次运行都会在后台启动 wpscloudsvr 进程，可能和云同步有关吧，每次还要 kill 一下，有点麻烦。另外作为那种不得不使用的商业软件，还是感觉隔离一下舒服一些。

使用的 bwrap 命令修改自依云的博客。wrap-wps 脚本如下：

#!/bin/bash

# 根据扩展名选择对应的 WPS 程序
file=$1
case $file in
    *.doc | *.docx) exe=/usr/bin/wps ;;
    *.xls | *.xlsx) exe=/usr/bin/et ;;
    *.ppt | *.pptx) exe=/usr/bin/wpp ;;
    *) exe=/usr/bin/wps ;;
esac

binds=()
for dir in fontconfig gtk-2.0 gtk-3.0 mimeapps.list Kingsoft; do
    binds+=(--ro-bind ~/.config/"$dir" ~/.config/"$dir")
done

# bind mount 需要操作的文件
if [[ -f "$file" ]]; then
    path="$(realpath "$file")"
    binds+=(--bind "$path" "$path")
fi

exec bwrap --unshare-all --die-with-parent \
    --ro-bind / / \
    --tmpfs /sys --tmpfs /home --tmpfs /tmp --tmpfs /run --proc /proc --dev /dev \
    --ro-bind "$XDG_RUNTIME_DIR" "$XDG_RUNTIME_DIR" \
    --ro-bind /tmp/.X11-unix /tmp/.X11-unix \
    "${binds[@]}" \
    --ro-bind ~/Documents ~/Documents \
    --bind ~/tmp ~/tmp \
    "$exe" "$@"

可以在使用此脚本之前运行一下 wps，让它生成 ~/.config/Kingsoft，避免每次启动还要同意一下许可证。

再写一个 application 文件并配置上文件类型关联。把 /usr/share/applications/wps-office-prometheus.desktop 复制到 ~/.local/share/applications/wps-office-wrap.desktop，并把 Exec 的命令改成上面的 wrap-wps，InitialPreference 调成 99，把各个 WPS 程序的 MimeType 合并。如下

diff --git a/usr/share/applications/wps-office-prometheus.desktop b/home/wang/.local/share/applications/wps-office-wrap.desktop
index 820214f..87ab130 100644
--- a/usr/share/applications/wps-office-prometheus.desktop
+++ b/home/wang/.local/share/applications/wps-office-wrap.desktop
@@ -2,7 +2,8 @@
 Comment=Use WPS Writer to office work.
 Comment[zh_CN]=使用 WPS 2019进行办公
-Exec=/usr/bin/wps %F
+Exec=/home/wang/scripts/wrap-wps %U
 GenericName=WPS
 GenericName[zh_CN]=WPS 2019
+MimeType=application/wps-office.et;application/wps-office.ett;application/wps-office.ets;application/wps-office.eto;application/wps-office.xls;application/wps-office.xlt;application/vnd.ms-excel;application/msexcel;application/x-msexcel;application/wps-office.xlsx;application/wps-office.xltx;application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;application/wps-office.uos;application/wps-office.dps;application/wps-office.dpt;application/wps-office.dpss;application/wps-office.dpso;application/wps-office.ppt;application/wps-office.pot;application/vnd.ms-powerpoint;application/vnd.mspowerpoint;application/mspowerpoint;application/powerpoint;application/x-mspowerpoint;application/wps-office.pptx;application/wps-office.potx;application/vnd.openxmlformats-officedocument.presentationml.presentation;application/vnd.openxmlformats-officedocument.presentationml.slideshow;application/wps-office.uop;application/wps-office.wps;application/wps-office.wpt;application/wps-office.wpso;application/wps-office.wpss;application/wps-office.doc;application/wps-office.dot;application/vnd.ms-word;application/msword;application/x-msword;application/msword-template;application/wps-office.docx;application/wps-office.dotx;application/rtf;application/vnd.ms-word.document.macroEnabled.12;application/vnd.openxmlformats-officedocument.wordprocessingml.document;x-scheme-handler/ksoqing;x-scheme-handler/ksowps;x-scheme-handler/ksowpp;x-scheme-handler/ksoet;x-scheme-handler/ksowpscloudsvr;x-scheme-handler/ksowebstartupwps;x-scheme-handler/ksowebstartupet;x-scheme-handler/ksowebstartupwpp;application/wps-office.uot;
 Name=WPS 2019
 Name[zh_CN]=WPS 2019
@@ -16,4 +17,4 @@ X-KDE-SubstituteUID=false
 X-KDE-Username=
 Icon=wps-office2019-kprometheus
-InitialPreference=3
+InitialPreference=99
 StartupWMClass=wpsoffice

然后在 ~/.config/mimeapps.list 中配置默认程序

[Default Applications]
application/vnd.openxmlformats-officedocument.wordprocessingml.document=wps-office-wrap.desktop
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=wps-office-wrap.desktop
application/vnd.openxmlformats-officedocument.presentationml.presentation=wps-office-wrap.desktop
application/vnd.ms-word=wps-office-wrap.desktop
application/vnd.ms-excel=wps-office-wrap.desktop
application/vnd.ms-powerpoint=wps-office-wrap.desktop

---

PS. 合并 WPS 的 MimeType 可用以下的 zsh 命令（需要 extendedglob 选项）

grep MimeType /usr/share/applications/wps-office-^pdf* | cut -d'=' -f2 | paste -sd ''