Description
Hi again! 😄
I am experimenting with Bubblejail and AppImage. For now it does not work. First of all, the executable file must be bound inside the sandbox. And, second, there must be a /dev/fuse available inside. These are not problems. I wrote a small patch (I am not making a pull request because it is not ready and I want to discuss it). But these things are not enough. It is impossible to mount FUSE inside:

```
mount("appName-v1.2.3.x86_64.AppImage", "/tmp/.mount_appName-v5QFPIr", "fuse.appName-v1.2.3.x86_64.AppImag"..., MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=5,rootmode=40000,user_id=1000"...) = -1 EPERM (Operation not permitted)
```

I think it is a security restriction of bwrap. But I do not know how to bypass it or whether it is a good idea.
Another way, I think, is to create a helper function which will mount the AppImage before start and unmount it after, outside of the sandbox. This can be done with udisksctl or a dbus call to the udisk daemon. But there is a disadvantage: the mount point will be visible as a disk in /media.
P.S.: I have some more ideas about integration between Bubblejail and AppImage. Where is it convenient for you to discuss this?
P.P.S.: Do you speak Russian? Do not get me wrong. I think I saw your nickname somewhere as an email address with a yandex.ru domain. If so, it would help us communicate.