System-wide sandboxing framework - sandbox-app-launcher

Yes, but that is OK…?

We’d have proper whitespace handling… The pseudo code:

sandbox-app-launcher:

  sudo \
    --set-home \
    --user="${app_user}" \
    sandbox_app_launcher_debug="$sandbox_app_launcher_debug" \
    app_path="$app_path" \
    /usr/share/sandbox-app-launcher/bwrap-wrapper

bwrap-wrapper:

  bwrap \
...
  --ro-bind "${main_app_dir}/machine-id" /etc/machine-id \
  --ro-bind "${wrapper_script}" "${wrapper_script}" \
  10< <(getent passwd root "${app_user}" nobody) \
  11< <(getent group root "${app_user}" nobody) \
  12< "${seccomp_filter}" \
  "${bwrap_args}" \
  "${wrapper_script}" "${@}"

Using "${@}" (or "$@") would fix whitespace handling.

If that sounds good, I am eager to implement this.

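The forwarding described in the post above, as an added example that is not part of the original post or of sandbox-app-launcher's own code. Assumptions: `env` stands in for `sudo --user=...` and a hypothetical `show_args` stands in for `bwrap` so it runs unprivileged; all function names and sample paths are constructed.

```sh
#!/bin/sh
# Stand-in for bwrap: prints "<argc>:[arg1][arg2]..." so argument
# boundaries are visible.
show_args() {
  printf '%s:' "$#"
  for a in "$@"; do printf '[%s]' "$a"; done
  printf '\n'
}

# Wrapper layer that forwards with quoted "$@": boundaries are preserved.
forward_quoted() { show_args "$@"; }

# Wrapper layer that forwards unquoted: every argument is re-split on IFS
# (and glob-expanded). Deliberately wrong, shown for comparison.
forward_unquoted() { show_args $@; }

# Second layer, run in a fresh shell like bwrap-wrapper would be.
# It reads app_path from its environment and its arguments from "$@".
inner_wrapper='printf "%s|%s:" "$app_path" "$#"
for a in "$@"; do printf "[%s]" "$a"; done; echo'

# First layer: passes app_path as VAR=value (as the sudo call in the post
# does) and the remaining arguments as "$@". "bwrap-wrapper" is only $0.
launcher() {
  app_path=$1; shift
  env app_path="$app_path" sh -c "$inner_wrapper" bwrap-wrapper "$@"
}

# An option that takes SRC and DEST needs two words. Quoting both inside
# one string hands the program a single argument containing a space.
bind_joined() { show_args --ro-bind "$1/machine-id /etc/machine-id"; }
bind_split()  { show_args --ro-bind "$1/machine-id" /etc/machine-id; }

# Constructed sample input.
forward_quoted   "My File.txt" --flag
forward_unquoted "My File.txt" --flag
launcher "/opt/My App/run" "My File.txt" --flag
bind_joined /srv/app
bind_split  /srv/app
```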