sane-sandboxed: load profiles via $NIX_PROFILES env var
parent
96575acf3a
commit
088b6f1b9a
|
@ -1,6 +1,6 @@
|
||||||
#!@runtimeShell@
|
#!@runtimeShell@
|
||||||
|
|
||||||
profileDirs=(@profileDirs@)
|
profileDirs=()
|
||||||
isDebug=
|
isDebug=
|
||||||
isDisable=
|
isDisable=
|
||||||
|
|
||||||
|
@ -56,6 +56,13 @@ tryLoadProfileByName() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
initDefaultProfileDirs() {
|
||||||
|
# NIX_PROFILES is a space-separated array of /run/current-system/sw, ...
|
||||||
|
for d in $NIX_PROFILES; do
|
||||||
|
profileDirs+=("$d/share/sane-sandboxed/profiles")
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
# convert e.g. `file:///Local%20Users/foo.mp3` to `file:///Local Users/foo.mp3`
|
# convert e.g. `file:///Local%20Users/foo.mp3` to `file:///Local Users/foo.mp3`
|
||||||
urldecode() {
|
urldecode() {
|
||||||
# source: <https://stackoverflow.com/q/6250698>
|
# source: <https://stackoverflow.com/q/6250698>
|
||||||
|
@ -521,6 +528,7 @@ ingestForBackend() {
|
||||||
## TOPLEVEL EXECUTION
|
## TOPLEVEL EXECUTION
|
||||||
# no code evaluated before this point should be dependent on user args / environment.
|
# no code evaluated before this point should be dependent on user args / environment.
|
||||||
|
|
||||||
|
initDefaultProfileDirs
|
||||||
parseArgsAndEnvironment "$@"
|
parseArgsAndEnvironment "$@"
|
||||||
|
|
||||||
# variables meant to be inherited
|
# variables meant to be inherited
|
||||||
|
|
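Review bot: `initDefaultProfileDirs` now builds the sandbox profile search path entirely from the caller's environment, so whoever sets `NIX_PROFILES` (which typically lists user-writable profiles such as `~/.nix-profile`) decides which profile file defines the sandbox. If the wrapper is ever meant to constrain something less trusted than the invoking user, either say so in the comment above the loop or keep the system directory as a fixed entry. The unquoted `for d in $NIX_PROFILES` is also subject to pathname expansion, so an entry containing `*` or `?` gets globbed; `read -ra dirs <<< "$NIX_PROFILES"` followed by `for d in "${dirs[@]}"; do` splits on whitespace without globbing. When `NIX_PROFILES` is unset or empty, `profileDirs` stays empty, and the store-adjacent fallback that the Nix expression used to substitute is gone. Please confirm that `tryLoadProfileByName`, whose body lies outside these hunks, fails closed in that case rather than launching the program without a profile.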
|
@ -14,9 +14,6 @@ let
|
||||||
inherit bubblewrap firejail libcap runtimeShell;
|
inherit bubblewrap firejail libcap runtimeShell;
|
||||||
landlockSandboxer = landlock-sandboxer;
|
landlockSandboxer = landlock-sandboxer;
|
||||||
firejailProfileDirs = "/run/current-system/sw/etc/firejail /etc/firejail ${firejail}/etc/firejail";
|
firejailProfileDirs = "/run/current-system/sw/etc/firejail /etc/firejail ${firejail}/etc/firejail";
|
||||||
# /run might be unavailable inside a container, so to support nested containers
|
|
||||||
# fallback to a profile dir adjacent to the sane-sandboxed binary
|
|
||||||
profileDirs = "/run/current-system/sw/${profileDir} @out@/${profileDir}";
|
|
||||||
};
|
};
|
||||||
self = stdenv.mkDerivation {
|
self = stdenv.mkDerivation {
|
||||||
pname = "sane-sandboxed";
|
pname = "sane-sandboxed";
|
||||||
|
|