惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
U
Unit 42
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
P
Proofpoint News Feed
F
Full Disclosure
月光博客
月光博客
Engineering at Meta
Engineering at Meta
博客园_首页
The Register - Security
The Register - Security
G
Google Developers Blog
The Cloudflare Blog
博客园 - Franky
K
Kaspersky official blog
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
C
Check Point Blog
NISL@THU
NISL@THU
AI
AI
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Stack Overflow Blog
Stack Overflow Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
量子位
Vercel News
Vercel News
T
Tor Project blog
P
Privacy International News Feed
D
Docker
I
Intezer
L
LangChain Blog
P
Proofpoint News Feed
Security Latest
Security Latest
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
博客园 - 聂微东
AWS News Blog
AWS News Blog
Martin Fowler
Martin Fowler
P
Privacy & Cybersecurity Law Blog
V
V2EX
Last Week in AI
Last Week in AI
C
Cybersecurity and Infrastructure Security Agency CISA
The Hacker News
The Hacker News
T
Tenable Blog
Blog — PlanetScale
Blog — PlanetScale
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog

weirane’s blog

开始读《异见时刻》 中美文化差异 关于基于表达式的编程语言的一些思考 从零开始的 λ 演算 从 Manjaro 迁移到 Arch Linux 使用 pass 管理密码 更换域名 搭建一个 Git 服务器 Fcitx5 安装记
使用 bwrap 隔离 WPS Office
weirane · 2021-08-20 · via weirane’s blog

2 minute read

看到依云在 博客 中提到了非特权沙盒工具 bwrap。博客的结尾提到可以用它来跑一些不太干净的软件,便来配置一下 WPS Office。

WPS 目前(AUR 版本 11.1.0.10702-1)还有使用反斜杠作为文件路径分隔符的问题,不过没有影响到外部的观感,只是在 ~/.local/share/Kingsoft 内部。但是它每次运行都会在后台启动 wpscloudsvr 进程,可能和云同步有关吧,每次还要 kill 一下,有点麻烦。另外作为那种不得不使用的商业软件,还是感觉隔离一下舒服一些。

使用的 bwrap 命令修改自依云的博客。wrap-wps 脚本如下:

#!/bin/bash

# 根据扩展名选择对应的 WPS 程序
file=$1
case $file in
    *.doc | *.docx) exe=/usr/bin/wps ;;
    *.xls | *.xlsx) exe=/usr/bin/et ;;
    *.ppt | *.pptx) exe=/usr/bin/wpp ;;
    *) exe=/usr/bin/wps ;;
esac

binds=()
for dir in fontconfig gtk-2.0 gtk-3.0 mimeapps.list Kingsoft; do
    binds+=(--ro-bind ~/.config/"$dir" ~/.config/"$dir")
done

# bind mount 需要操作的文件
if [[ -f "$file" ]]; then
    path="$(realpath "$file")"
    binds+=(--bind "$path" "$path")
fi

exec bwrap --unshare-all --die-with-parent \
    --ro-bind / / \
    --tmpfs /sys --tmpfs /home --tmpfs /tmp --tmpfs /run --proc /proc --dev /dev \
    --ro-bind "$XDG_RUNTIME_DIR" "$XDG_RUNTIME_DIR" \
    --ro-bind /tmp/.X11-unix /tmp/.X11-unix \
    "${binds[@]}" \
    --ro-bind ~/Documents ~/Documents \
    --bind ~/tmp ~/tmp \
    "$exe" "$@"

可以在使用此脚本之前运行一下 wps,让它生成 ~/.config/Kingsoft,避免每次启动还要同意一下许可证。

再写一个 application 文件并配置上文件类型关联。把 /usr/share/applications/wps-office-prometheus.desktop 复制到 ~/.local/share/applications/wps-office-wrap.desktop,并把 Exec 的命令改成上面的 wrap-wpsInitialPreference 调成 99,把各个 WPS 程序的 MimeType 合并。如下

diff --git a/usr/share/applications/wps-office-prometheus.desktop b/home/wang/.local/share/applications/wps-office-wrap.desktop
index 820214f..87ab130 100644
--- a/usr/share/applications/wps-office-prometheus.desktop
+++ b/home/wang/.local/share/applications/wps-office-wrap.desktop
@@ -2,7 +2,8 @@
 Comment=Use WPS Writer to office work.
 Comment[zh_CN]=使用 WPS 2019进行办公
-Exec=/usr/bin/wps %F
+Exec=/home/wang/scripts/wrap-wps %U
 GenericName=WPS
 GenericName[zh_CN]=WPS 2019
+MimeType=application/wps-office.et;application/wps-office.ett;application/wps-office.ets;application/wps-office.eto;application/wps-office.xls;application/wps-office.xlt;application/vnd.ms-excel;application/msexcel;application/x-msexcel;application/wps-office.xlsx;application/wps-office.xltx;application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;application/wps-office.uos;application/wps-office.dps;application/wps-office.dpt;application/wps-office.dpss;application/wps-office.dpso;application/wps-office.ppt;application/wps-office.pot;application/vnd.ms-powerpoint;application/vnd.mspowerpoint;application/mspowerpoint;application/powerpoint;application/x-mspowerpoint;application/wps-office.pptx;application/wps-office.potx;application/vnd.openxmlformats-officedocument.presentationml.presentation;application/vnd.openxmlformats-officedocument.presentationml.slideshow;application/wps-office.uop;application/wps-office.wps;application/wps-office.wpt;application/wps-office.wpso;application/wps-office.wpss;application/wps-office.doc;application/wps-office.dot;application/vnd.ms-word;application/msword;application/x-msword;application/msword-template;application/wps-office.docx;application/wps-office.dotx;application/rtf;application/vnd.ms-word.document.macroEnabled.12;application/vnd.openxmlformats-officedocument.wordprocessingml.document;x-scheme-handler/ksoqing;x-scheme-handler/ksowps;x-scheme-handler/ksowpp;x-scheme-handler/ksoet;x-scheme-handler/ksowpscloudsvr;x-scheme-handler/ksowebstartupwps;x-scheme-handler/ksowebstartupet;x-scheme-handler/ksowebstartupwpp;application/wps-office.uot;
 Name=WPS 2019
 Name[zh_CN]=WPS 2019
@@ -16,4 +17,4 @@ X-KDE-SubstituteUID=false
 X-KDE-Username=
 Icon=wps-office2019-kprometheus
-InitialPreference=3
+InitialPreference=99
 StartupWMClass=wpsoffice

然后在 ~/.config/mimeapps.list 中配置默认程序

[Default Applications]
application/vnd.openxmlformats-officedocument.wordprocessingml.document=wps-office-wrap.desktop
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=wps-office-wrap.desktop
application/vnd.openxmlformats-officedocument.presentationml.presentation=wps-office-wrap.desktop
application/vnd.ms-word=wps-office-wrap.desktop
application/vnd.ms-excel=wps-office-wrap.desktop
application/vnd.ms-powerpoint=wps-office-wrap.desktop

PS. 合并 WPS 的 MimeType 可用以下的 zsh 命令(需要 extendedglob 选项)

grep MimeType /usr/share/applications/wps-office-^pdf* | cut -d'=' -f2 | paste -sd ''