cozy: sandbox with bwrap

2024-01-27 13:11:22 +00:00 · 2024-01-27 13:11:22 +00:00 · 1bde38bf72
commit 1bde38bf72
parent a06c81643c
1 changed files with 8 additions and 0 deletions
--- a/hosts/common/programs/cozy.nix
+++ b/hosts/common/programs/cozy.nix
@ -2,6 +2,14 @@

 {
  sane.programs.cozy = {
+    sandbox.method = "bwrap";  # landlock gives: _multiprocessing.SemLock: Permission Denied
+    sandbox.embedProfile = true;
+    sandbox.extraHomePaths = [
+      "Books"
+    ];
+    sandbox.extraPaths = [
+      "/mnt/servo-media/Books"
+    ];
    # cozy uses a sqlite db for its config and exposes no CLI options other than --help and --debug
    persist.byStore.plaintext = [
      ".local/share/cozy"  # sqlite db (config & index?)