colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/programs: sandbox: allow mimeo config in any sandbox

Browse Source
This commit is contained in:
Colin 2024-02-02 12:52:36 +00:00
parent f6eeab5650
commit 567c7993b6
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/programs/default.nix
View File

@ -45,7 +45,9 @@ let
inherit pkgName package;
inherit (sandbox) autodetectCliPaths binMap capabilities embedProfile embedSandboxer extraConfig method whitelistPwd wrapperType;
vpn = if net == "vpn" then vpn else null;
allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths;
allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths ++ [
".config/mimeo" #< TODO: required, until i fully integrate xdg-open into sandboxing. else, `xdg-open https://...` inifinite-loops.
];
allowedRootPaths = [
"/nix/store"
"/bin/sh"