pipewire: shrink the mount sandbox
@@ -25,6 +25,7 @@ in
|
||||
|
||||
# sandbox.method = "landlock"; #< also works
|
||||
sandbox.method = "bwrap";
|
||||
sandbox.whitelistAudio = true;
|
||||
sandbox.whitelistDbus = [
|
||||
# dbus is used for rtkit integration
|
||||
# rtkit runs on the system bus.
|
||||
@@ -40,8 +41,6 @@ in
|
||||
"--sane-sandbox-keep-namespace" "pid"
|
||||
];
|
||||
sandbox.usePortal = false;
|
||||
# needs to *create* the various device files, so needs write access to the /run/user/$uid directory itself
|
||||
sandbox.extraRuntimePaths = [ "/" ];
|
||||
sandbox.extraPaths = [
|
||||
"/dev/snd"
|
||||
# desko/lappy don't need these, but moby complains if not present
|
||||
@@ -100,7 +99,10 @@ in
|
||||
description = "pipewire-pulse: Pipewire compatibility layer for PulseAudio clients";
|
||||
depends = [ "pipewire" ];
|
||||
partOf = [ "sound" ];
|
||||
command = "pipewire-pulse";
|
||||
command = pkgs.writeShellScript "pipewire-pulse-start" ''
|
||||
mkdir -p $XDG_RUNTIME_DIR/pulse
|
||||
exec pipewire-pulse
|
||||
'';
|
||||
readiness.waitExists = [
|
||||
"$XDG_RUNTIME_DIR/pulse/native"
|
||||
"$XDG_RUNTIME_DIR/pulse/pid"
|
||||
|
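Review bot: In the new `pipewire-pulse-start` wrapper (third hunk), `mkdir -p $XDG_RUNTIME_DIR/pulse` expands the variable unquoted and unchecked, and no `set -e` is visible, so with `XDG_RUNTIME_DIR` empty the script would try to create `/pulse` and then exec the daemon regardless. Quote the path and fail early: `[ -n "$XDG_RUNTIME_DIR" ] || exit 1` followed by `mkdir -p "$XDG_RUNTIME_DIR/pulse"`; the plain `$VAR` form also avoids clashing with Nix `${}` interpolation inside the `''` string. The wrapper would also benefit from a one-line comment saying why the directory is pre-created, e.g. `# pre-create the pulse dir: the sandbox can no longer write to the runtime dir root`. That reason is inferred from the apparent removal of `sandbox.extraRuntimePaths = [ "/" ]` in the second hunk, whose old comment is the only place the write requirement was explained, so confirm it before adding the comment. The service definition continues past the last visible line.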