From 4a8a5b309ec7f85c6f15c6438c0ee502ce0b735d Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 5 Jul 2024 23:27:51 +0000
Subject: [PATCH] satellite: sandbox

---
 hosts/common/programs/satellite.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/satellite.nix b/hosts/common/programs/satellite.nix
index e9a81f086..cb71d8c0f 100644
--- a/hosts/common/programs/satellite.nix
+++ b/hosts/common/programs/satellite.nix
@@ -49,5 +49,11 @@
 #
 { ... }:
 {
-  sane.programs.satellite = {};
+  sane.programs.satellite = {
+    sandbox.method = "bwrap";
+    sandbox.whitelistDbus = [
+      "system"  #< reads NMEA data via ModemManager
+    ];
+    sandbox.whitelistWayland = true;
+  };
 }