colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

geary: try to reduce dbus access, but then abort because i notice it uses xdg-dbus-proxy internally, which doesnt yet support nesting!

Browse Source
This commit is contained in:
Colin
2025-01-26 09:06:28 +00:00
parent 5f8d64cdb5
commit 6f0f54f0ae
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hosts/common/programs/geary.nix
View File

@@ -25,7 +25,11 @@ in
sandbox.wrapperType = "inplace"; #< XXX(2024-08-20): if executed from a directory different than the configured prefix, it fails to locate its sql migration files sandbox.wrapperType = "inplace"; #< XXX(2024-08-20): if executed from a directory different than the configured prefix, it fails to locate its sql migration files
sandbox.net = "clearnet"; sandbox.net = "clearnet";
sandbox.whitelistDbus.user = true; #< TODO: reduce # notifications sandbox.whitelistDbus.user = true; #< TODO: reduce (as per below; after xdg-dbus-proxy is made nestable)
# sandbox.whitelisDbus.user.call."org.freedesktop.secrets" = "*"; #< TODO: restrict to a subset of secrets
# sandbox.whitelistDbus.user.call."org.gnome.evolution.dataserver.*" = "*";
# sandbox.whitelistDbus.user.own = [ "org.gnome.Geary" ];
# sandbox.whitelistPortal = [ "FileChooser" "OpenURI" "Print" ]; #< unsure if all these are actually used
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
# it shouldn't need these, but portal integration seems incomplete? # it shouldn't need these, but portal integration seems incomplete?