From 00d06db66a2b4610fd007b2b151d3e4b6b708332 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Wed, 29 May 2024 12:18:09 +0000
Subject: [PATCH] make-sandboxed: handle more systemd service files

---
 modules/programs/make-sandboxed.nix | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/modules/programs/make-sandboxed.nix b/modules/programs/make-sandboxed.nix
index b5b18e9d..508a7d38 100644
--- a/modules/programs/make-sandboxed.nix
+++ b/modules/programs/make-sandboxed.nix
@@ -164,14 +164,13 @@ let
         $out/share/dbus-1/{services,system-services}/*.service \
         $out/{etc,lib,share}/systemd/{system,user}/*.service \
       ; do
-        # dbus and desktop files
-        trySubstitute "$d" "Exec=%s/bin/"
-        trySubstitute "$d" "Exec=%s/libexec/"
-        trySubstitute "$d" "Exec=%s/sbin/"
-        # systemd service files
-        trySubstitute "$d" "ExecStart=%s/bin/"
-        trySubstitute "$d" "ExecStart=%s/libexec/"
-        trySubstitute "$d" "ExecStart=%s/sbin/"
+        # Exec: dbus and desktop files
+        # ExecStart,ExecReload: systemd service files
+        for key in Exec ExecStart ExecReload; do
+          for binLoc in bin libexec sbin; do
+            trySubstitute "$d" "$key=%s/$binLoc/"
+          done
+        done
       done
     '';
     passthru = (prevAttrs.passthru or {}) // {