21 lines
572 B
Nix
21 lines
572 B
Nix
|
{ ... }:
|
||
|
{
|
||
|
sane.programs.megapixels = {
|
||
|
sandbox.method = "bwrap";
|
||
|
sandbox.wrapperType = "wrappedDerivation";
|
||
|
sandbox.whitelistDri = true;
|
||
|
sandbox.whitelistWayland = true;
|
||
|
sandbox.extraHomePaths = [
|
||
|
"tmp"
|
||
|
"Pictures"
|
||
|
];
|
||
|
sandbox.extraPaths = [
|
||
|
# needs /dev/media*, /dev/video*; easier to give it all of /dev which isn't that bad since it's not running as root.
|
||
|
"/dev"
|
||
|
# it passes the raw .dng files to a post-processor, via /tmp
|
||
|
"/tmp"
|
||
|
];
|
||
|
# TODO: surely needs access to the camera device, etc.
|
||
|
};
|
||
|
}
|