From 02deb27c8dca75a121ccb6725d096563eb3e8795 Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 29 Oct 2024 09:12:11 +0000
Subject: [PATCH] rofi-run-command: sandbox

---
 hosts/common/programs/rofi/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/rofi/default.nix b/hosts/common/programs/rofi/default.nix
index 13268eac3..ff7ab7613 100644
--- a/hosts/common/programs/rofi/default.nix
+++ b/hosts/common/programs/rofi/default.nix
@@ -141,7 +141,11 @@ in
 srcRoot = ./.;
 pkgs = [ "sane-open" ];
 };
- sandbox.method = null; #< trivial script, and all our deps are sandboxed
+ # sandboxing options cribbed from sane-open
+ sandbox.whitelistDbus = [ "user" ];
+ sandbox.keepPidsAndProc = true;
+ sandbox.extraHomePaths = [ ".local/share/applications" ];
+ sandbox.extraRuntimePaths = [ "sway" ];
 suggestedPrograms = [
 "sane-open"