From 5819f071811966f6e45c37d242ddac41d08ce842 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Thu, 22 Feb 2024 22:11:24 +0000
Subject: [PATCH] programs: xwayland: sandbox

---
 hosts/common/programs/assorted.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 2b4e70eb..ae596d1e 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -926,6 +926,12 @@ in
     wl-clipboard.sandbox.wrapperType = "wrappedDerivation";
     wl-clipboard.sandbox.whitelistWayland = true;
 
+    xwayland.sandbox.method = "bwrap";
+    xwayland.sandbox.wrapperType = "wrappedDerivation";
+    xwayland.sandbox.whitelistWayland = true;  #< just assuming this is needed
+    xwayland.sandbox.net = "clearnet";  #< just assuming this is needed (X11 traffic)
+    xwayland.sandbox.whitelistDri = true;  #< would assume this gives better gfx perf
+
     xdg-terminal-exec.sandbox.enable = false;  # xdg-terminal-exec is a launcher for $TERM
     xterm.sandbox.enable = false;  # need to be able to do everything