programs: blueberry: sandbox

2024-02-16 07:58:00 +00:00 · 2024-02-16 07:58:00 +00:00 · 1416856fb6
commit 1416856fb6
parent 2a5bc6f612
1 changed files with 10 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -227,6 +227,16 @@ in
    # blanket.sandbox.whitelistDbus = [ "user" ];  # TODO: untested
    blanket.sandbox.whitelistWayland = true;

+    blueberry.sandbox.method = "bwrap";
+    blueberry.sandbox.wrapperType = "wrappedDerivation";
+    blueberry.sandbox.whitelistWayland = true;
+    blueberry.sandbox.extraPaths = [
+      "/dev/rfkill"
+      "/run/dbus"
+      "/sys/class/rfkill"
+      "/sys/devices"
+    ];
+
    brightnessctl.sandbox.method = "landlock";  # also bwrap, but landlock is more responsive
    brightnessctl.sandbox.wrapperType = "wrappedDerivation";
    brightnessctl.sandbox.extraPaths = [