programs: epiphany: simplify the sandboxing
This commit is contained in:
parent
56e7e9a7cc
commit
2df1b20f02
|
@ -10,14 +10,13 @@
|
||||||
sane.programs.epiphany = {
|
sane.programs.epiphany = {
|
||||||
sandbox.method = "bwrap";
|
sandbox.method = "bwrap";
|
||||||
sandbox.wrapperType = "inplace"; # /share/epiphany/default-bookmarks.rdf refers back to /share; dbus files to /libexec
|
sandbox.wrapperType = "inplace"; # /share/epiphany/default-bookmarks.rdf refers back to /share; dbus files to /libexec
|
||||||
sandbox.extraConfig = [
|
|
||||||
# default sandboxing breaks rendering in weird ways. sites are super zoomed in / not scaled.
|
# default sandboxing breaks rendering in weird ways. sites are super zoomed in / not scaled.
|
||||||
# enabling DRM (as below) seems to fix that.
|
# enabling DRI/DRM (as below) seems to fix that.
|
||||||
"--sane-sandbox-path" "/dev/dri"
|
sandbox.whitelistDri = true;
|
||||||
"--sane-sandbox-path" "/sys/dev/char"
|
sandbox.extraHomePaths = [
|
||||||
"--sane-sandbox-path" "/sys/devices"
|
"tmp"
|
||||||
];
|
];
|
||||||
fs."tmp" = {};
|
|
||||||
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
|
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
|
||||||
# - `bwrap: Can't make symlink at /var/run: File exists`
|
# - `bwrap: Can't make symlink at /var/run: File exists`
|
||||||
# this could be due to:
|
# this could be due to:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user