From 2b7143fb849dbea2177af74f9783ad6db4e842bb Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 7 Sep 2024 20:58:57 +0000
Subject: [PATCH] portfolio-filemanager: sandbox with bunpen

note that portfolio seems not to use portal integration anymore? so using it to launch e.g. Music files totally fails (because i don't grant pipewire access)

well, i don't really use this that much, so i'll deal with that only if/when it's an issue
---
 hosts/common/programs/portfolio-filemanager.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/portfolio-filemanager.nix b/hosts/common/programs/portfolio-filemanager.nix
index d1e415a53..20c5106b7 100644
--- a/hosts/common/programs/portfolio-filemanager.nix
+++ b/hosts/common/programs/portfolio-filemanager.nix
@@ -2,7 +2,7 @@
 {
   sane.programs.portfolio-filemanager = {
     # this is all taken pretty directly from nautilus config
-    sandbox.method = "bwrap";
+    sandbox.method = "bunpen";
     sandbox.whitelistDbus = [ "user" ];  # for portals launching apps
     sandbox.whitelistWayland = true;
     sandbox.extraHomePaths = [
@@ -10,8 +10,17 @@
       "/"
       ".persist/ephemeral"
       ".persist/plaintext"
+      "Pictures/Photos"
+      "Pictures/Screenshots"
+      "Pictures/albums"
+      "Pictures/cat"
+      "Pictures/from"
+      "Videos/local"
+      "archive"
       "knowledge"
       "nixos"
+      "records"
+      "tmp"
     ];
     sandbox.extraPaths = [
       "/boot"