programs: fuzzel: fix overly-aggressive sandboxing

Colin 2024-02-06 20:10:29 +00:00
parent 2fc1fe7510
commit 0c050d1953
2 changed files with 6 additions and 2 deletions


@ -276,6 +276,10 @@ in
withWebkit = false;
};
# fuzzel: TODO: re-enable sandbox. i use fuzzel both as an entry system (snippets) AND an app-launcher.
# as an app-launcher, it cannot be sandboxed without over-restricting the app it launches.
# should probably make it not be an app-launcher
fuzzel.sandbox.enable = false;
fuzzel.sandbox.method = "bwrap"; #< landlock nearly works, but unable to open ~/.cache
fuzzel.sandbox.wrapperType = "wrappedDerivation";
fuzzel.persist.byStore.private = [ ".cache/fuzzel" ]; #< this is a file of recent selections
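Review bot: The TODO above `fuzzel.sandbox.enable = false;` explains why the sandbox is off but not what state the remaining settings are in. The `sandbox.method = "bwrap"` and `sandbox.wrapperType` lines below it still read as active configuration, although with `enable = false` they are presumably unused. I would add a line such as `# sandbox.method/wrapperType below are kept only so re-enabling is a one-line change` to the comment. It would also help to note there that the snippet-entry use of fuzzel runs unconfined until the launcher role is split out, so the accepted exposure is recorded next to the switch. The enclosing attribute set starts and ends outside this hunk.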


@ -405,10 +405,10 @@ let
"program ${name} specified no `sandbox.method`; please configure a method, or set sandbox.enable = false."
];
system.checks = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
system.checks = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
p.package.passthru.checkSandboxed
];
sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
p.package.passthru.sandboxProfiles
];
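Review bot: With `p.sandbox.enable` added to both conditions, a program whose sandbox is switched off now drops out of `system.checks` and `sane.sandboxProfiles` without leaving any trace in the build. The only record that fuzzel runs unconfined is therefore the TODO in its own config. A comment above these two attributes would make the exclusion explicit, for example `# programs with sandbox.enable = false are deliberately skipped: no profile is installed and checkSandboxed is not run`. Consider also surfacing the names of such programs somewhere reviewable. The four-term condition is repeated verbatim in both attributes and could be bound once, e.g. `sandboxed = p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null;`, so the two lists cannot drift apart. The surrounding definition starts and ends outside this hunk, so where that binding would go is not visible here.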