programs: fuzzel: fix overly-aggressive sandboxing
This commit is contained in:
parent
2fc1fe7510
commit
0c050d1953
|
@ -276,6 +276,10 @@ in
|
|||
withWebkit = false;
|
||||
};
|
||||
|
||||
# fuzzel: TODO: re-enable sandbox. i use fuzzel both as an entry system (snippets) AND an app-launcher.
|
||||
# as an app-launcher, it cannot be sandboxed without over-restricting the app it launches.
|
||||
# should probably make it not be an app-launcher
|
||||
fuzzel.sandbox.enable = false;
|
||||
fuzzel.sandbox.method = "bwrap"; #< landlock nearly works, but unable to open ~/.cache
|
||||
fuzzel.sandbox.wrapperType = "wrappedDerivation";
|
||||
fuzzel.persist.byStore.private = [ ".cache/fuzzel" ]; #< this is a file of recent selections
|
||||
|
|
|
@ -405,10 +405,10 @@ let
|
|||
"program ${name} specified no `sandbox.method`; please configure a method, or set sandbox.enable = false."
|
||||
];
|
||||
|
||||
system.checks = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
|
||||
system.checks = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
|
||||
p.package.passthru.checkSandboxed
|
||||
];
|
||||
sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
|
||||
sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
|
||||
p.package.passthru.sandboxProfiles
|
||||
];
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user