``` #!/usr/bin/env bash nb=$HOME/nobackup bwrap --bind $nb/__APPS__/cursor/squashfs-root /cursor \ --bind $nb/__CURSOR_AI_REPOS__ /repos \ --ro-bind /bin /bin \ --ro-bind /usr /usr \ --ro-bind /lib /lib \ --ro-bind /lib64 /lib64 \ --bind $HOME/.config/Cursor $HOME/.config/Cursor \ --bind $HOME/.cursor $HOME/.cursor \ --bind /run/user/$UID /run/user/$UID \ --dev /dev \ --tmpfs /tmp \ --proc /proc \ -- \ /cursor/cursor \ "$@" ``` With this i am able to run cursor in a sandbox preventing it from accessing the whole filesystem. My problem was a typo when extracting the image. use `./cursor-0.45.14x86_64.AppImage --appimge-extract` this way you can not open your home or locations containing credentials by accident. The only remaining problem is that the the vscode socket path is not predictable in run. `run/user/1000/vscode-git-8813345466.sock` Could you provide a flag to make the socket-path predictable?
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by ObiWahn and has received 1 comments.
Add a comment
Comment form would go here