programs: use wrapperType=wrappedDerivation where possible

This commit is contained in:
2024-01-29 12:07:04 +00:00
parent 7af970f38c
commit 1cb2c5225f
4 changed files with 4 additions and 1 deletions

View File

@@ -10,6 +10,7 @@
}; };
sandbox.method = "bwrap"; sandbox.method = "bwrap";
sandbox.wrapperType = "wrappedDerivation";
sandbox.autodetectCliPaths = true; sandbox.autodetectCliPaths = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
# support media imports via file->open dir to some common media directories # support media imports via file->open dir to some common media directories

View File

@@ -3,7 +3,7 @@
{ {
sane.programs.cozy = { sane.programs.cozy = {
sandbox.method = "bwrap"; # landlock gives: _multiprocessing.SemLock: Permission Denied sandbox.method = "bwrap"; # landlock gives: _multiprocessing.SemLock: Permission Denied
sandbox.embedProfile = true; sandbox.wrapperType = "wrappedDerivation";
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Books" "Books"
]; ];

View File

@@ -32,6 +32,7 @@ in
''; '';
}); });
sandbox.method = "bwrap"; sandbox.method = "bwrap";
sandbox.wrapperType = "wrappedDerivation";
persist.byStore.private = [ persist.byStore.private = [
".cache/gtkcord4" ".cache/gtkcord4"

View File

@@ -5,6 +5,7 @@ in
{ {
sane.programs.wireshark = { sane.programs.wireshark = {
sandbox.method = "landlock"; sandbox.method = "landlock";
sandbox.wrapperType = "wrappedDerivation";
sandbox.extraPaths = [ sandbox.extraPaths = [
"/proc/net" #< only needed if using landlock "/proc/net" #< only needed if using landlock
]; ];