pipewire: shrink the mount sandbox

This commit is contained in:
2024-04-23 04:14:10 +00:00
parent 7db40fbf47
commit 6d74c6616c

View File

@@ -25,6 +25,7 @@ in
# sandbox.method = "landlock"; #< also works
sandbox.method = "bwrap";
sandbox.whitelistAudio = true;
sandbox.whitelistDbus = [
# dbus is used for rtkit integration
# rtkit runs on the system bus.
@@ -40,8 +41,6 @@ in
"--sane-sandbox-keep-namespace" "pid"
];
sandbox.usePortal = false;
# needs to *create* the various device files, so needs write access to the /run/user/$uid directory itself
sandbox.extraRuntimePaths = [ "/" ];
sandbox.extraPaths = [
"/dev/snd"
# desko/lappy don't need these, but moby complains if not present
@@ -100,7 +99,10 @@ in
description = "pipewire-pulse: Pipewire compatibility layer for PulseAudio clients";
depends = [ "pipewire" ];
partOf = [ "sound" ];
command = "pipewire-pulse";
command = pkgs.writeShellScript "pipewire-pulse-start" ''
mkdir -p $XDG_RUNTIME_DIR/pulse
exec pipewire-pulse
'';
readiness.waitExists = [
"$XDG_RUNTIME_DIR/pulse/native"
"$XDG_RUNTIME_DIR/pulse/pid"