colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

rofi-run-command: restrict dbus

Browse Source 
can't restrict ALL of rofi, for some reason. maybe dbus proxies don't nest well?
This commit is contained in:
Colin
2025-01-10 00:23:31 +00:00
parent 14b475a0a6
commit 35ce9a412d
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/common/programs/rofi/default.nix
View File

@@ -94,7 +94,11 @@ in
"rofi-run-command" "rofi-run-command"
]; ];
sandbox.whitelistDbus.user = true; #< TODO: reduce #< to launch apps via the portal sandbox.whitelistDbus.user = true; #< TODO: should only need DynamicLauncher / OpenURI (nested xdg-dbus-proxy issue?)
# sandbox.whitelistPortal = [
# "DynamicLauncher"
# "OpenURI"
# ];
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
".local/share/applications" #< to locate .desktop files ".local/share/applications" #< to locate .desktop files
@@ -142,7 +146,10 @@ in
}; };
# sandboxing options cribbed from sane-open # sandboxing options cribbed from sane-open
sandbox.autodetectCliPaths = "existing"; # for when opening a file sandbox.autodetectCliPaths = "existing"; # for when opening a file
sandbox.whitelistDbus.user = true; #< TODO: reduce sandbox.whitelistPortal = [
"DynamicLauncher"
"OpenURI"
];
sandbox.keepPidsAndProc = true; sandbox.keepPidsAndProc = true;
sandbox.extraHomePaths = [ ".local/share/applications" ]; sandbox.extraHomePaths = [ ".local/share/applications" ];
sandbox.extraRuntimePaths = [ "sway" ]; sandbox.extraRuntimePaths = [ "sway" ];