From 278631b59e9106a3659042c7b29e4b090ba8987d Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 18 May 2024 06:52:53 +0000
Subject: [PATCH] calls: sandbox

---
 hosts/common/programs/calls.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hosts/common/programs/calls.nix b/hosts/common/programs/calls.nix
index ca5ac8c2..e55b24be 100644
--- a/hosts/common/programs/calls.nix
+++ b/hosts/common/programs/calls.nix
@@ -41,6 +41,12 @@ in
       ];
     });
 
+    sandbox.method = "bwrap";
+    sandbox.net = "clearnet";
+    sandbox.whitelistAudio = true;
+    sandbox.whitelistDbus = [ "user" ];  # necessary for secrets, at the minimum
+    sandbox.whitelistWayland = true;
+
     persist.byStore.private = [
       # ".cache/folks"      # contact avatars?
       # ".config/calls"