programs: fuzzel: fix overly-aggressive sandboxing

hosts/common/programs/assorted.nix

@@ -276,6 +276,10 @@ in
       withWebkit = false;
     };
 
+    # fuzzel: TODO: re-enable sandbox. i use fuzzel both as an entry system (snippets) AND an app-launcher.
+    #   as an app-launcher, it cannot be sandboxed without over-restricting the app it launches.
+    #   should probably make it not be an app-launcher
+    fuzzel.sandbox.enable = false;
     fuzzel.sandbox.method = "bwrap";  #< landlock nearly works, but unable to open ~/.cache
     fuzzel.sandbox.wrapperType = "wrappedDerivation";
     fuzzel.persist.byStore.private = [ ".cache/fuzzel" ];  #< this is a file of recent selections

modules/programs/default.nix

@@ -405,10 +405,10 @@ let
       "program ${name} specified no `sandbox.method`; please configure a method, or set sandbox.enable = false."
     ];
 
-    system.checks = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
+    system.checks = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
       p.package.passthru.checkSandboxed
     ];
-    sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.method != null && p.package != null) [
+    sane.sandboxProfiles = lib.optionals (p.enabled && p.sandbox.enable && p.sandbox.method != null && p.package != null) [
       p.package.passthru.sandboxProfiles
     ];