Align downstream Computer Use readiness and identity hooks#13
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces build-time GNOME extension and DBus identity overrides, along with runtime environment variable aliases for embedded Codex builds. It also ports downstream Linux readiness and session hydration fixes, allowing direct /dev/uinput and the XDG RemoteDesktop portal to be treated as valid input backends, and carrying XAUTHORITY through environment hydration. The review feedback suggests optimizing the retrieval of the current user's UID in process_owner_matches_current_user by using /proc/self metadata instead of spawning an external process, and removing a redundant !visited_pids.contains(&1) check since PID 1 is never visited in the preceding loop.
| fn process_owner_matches_current_user(pid: u32) -> bool { | ||
| let Some(current_uid) = user_id().and_then(|uid| uid.parse::<u32>().ok()) else { | ||
| return false; | ||
| }; | ||
| fs::metadata(format!("/proc/{pid}")) | ||
| .ok() | ||
| .is_some_and(|metadata| metadata.uid() == current_uid) | ||
| } |
There was a problem hiding this comment.
Spawning an external process via user_id() (which runs id -u) to determine the current user's UID is inefficient and can be slow. Since /proc/self is owned by the current user on Linux, we can retrieve the current UID directly and efficiently using fs::metadata("/proc/self").map(|m| m.uid()) without spawning any external commands.
fn process_owner_matches_current_user(pid: u32) -> bool {
let Ok(current_uid) = fs::metadata("/proc/self").map(|m| m.uid()) else {
return false;
};
fs::metadata(format!("/proc/{pid}"))
.ok()
.is_some_and(|metadata| metadata.uid() == current_uid)
}| if !visited_pids.contains(&1) && process_owner_matches_current_user(1) { | ||
| if let Some(process_env) = read_process_environ(1).filter(process_env_has_graphical_display) | ||
| { | ||
| environments.push(process_env); | ||
| } | ||
| } |
There was a problem hiding this comment.
The check !visited_pids.contains(&1) is redundant because the preceding loop breaks immediately if current_pid <= 1 (lines 361-363). Consequently, visited_pids can never contain 1, making this check always evaluate to true. Simplifying this condition improves readability and avoids an unnecessary vector search.
if process_owner_matches_current_user(1) {
if let Some(process_env) = read_process_environ(1).filter(process_env_has_graphical_display)
{
environments.push(process_env);
}
}1 participant
Summary
/dev/uinputand XDG RemoteDesktop portal as valid development-input readiness backends, not onlyydotooldXAUTHORITYand add same-user graphical PID 1 env fallback for desktop sessionsCUL_*GNOME/DBus identity hooks plus Codex embedded runtime env aliases while keeping standalone defaultsValidation
cargo fmt --all -- --checkcargo test --lockedcargo clippy --locked --all-targets -- -D warningscargo build --lockedscripts/mcp_safety_check.py --binary target/debug/computer-use-linuxagnix .node scripts/zod-check/check.mjs --command target/debug/computer-use-linux