UNTESTED: programs/assorted: switch every remaining bwrap sandboxed program over to the default (bunpen)

2024-09-21 23:35:46 +00:00
parent 31615340a7
commit 76583c49f4
33 changed files with 0 additions and 48 deletions

@@ -423,12 +423,10 @@ in
bash-language-server.sandbox.whitelistPwd = true;
blanket.buildCost = 1;
blanket.sandbox.method = "bwrap";
blanket.sandbox.whitelistAudio = true;
# blanket.sandbox.whitelistDbus = [ "user" ]; # TODO: untested
blanket.sandbox.whitelistWayland = true;
blueberry.sandbox.method = "bwrap";
blueberry.sandbox.wrapperType = "inplace"; #< it places binaries in /lib and then /etc/xdg/autostart files refer to the /lib paths, and fail to be patched
blueberry.sandbox.whitelistWayland = true;
blueberry.sandbox.extraPaths = [
@@ -438,7 +436,6 @@ in
"/sys/devices"
];
bridge-utils.sandbox.method = "bwrap"; #< bwrap, landlock: both work
bridge-utils.sandbox.net = "all";
btrfs-progs.sandbox.autodetectCliPaths = "existing"; # e.g. `btrfs filesystem df /my/fs`
@@ -456,7 +453,6 @@ in
clang = {};
clang-tools.sandbox.method = "bwrap";
clang-tools.sandbox.whitelistPwd = true;
clightning-sane.sandbox.extraPaths = [
@@ -478,12 +474,10 @@ in
cryptsetup.sandbox.tryKeepUsers = true;
cryptsetup.sandbox.keepIpc = true;
ddrescue.sandbox.method = "bunpen";
ddrescue.sandbox.autodetectCliPaths = "existingOrParent";
ddrescue.sandbox.tryKeepUsers = true;
delfin.buildCost = 1;
delfin.sandbox.method = "bwrap";
delfin.sandbox.whitelistAudio = true;
delfin.sandbox.whitelistDbus = [ "user" ]; # else `mpris` plugin crashes the player
delfin.sandbox.whitelistDri = true;
@@ -513,7 +507,6 @@ in
"tmp"
];
dtc.sandbox.method = "bwrap";
dtc.sandbox.autodetectCliPaths = "existingFile"; # TODO:sandbox: untested
duplicity = {};
@@ -525,7 +518,6 @@ in
];
electrum.buildCost = 1;
electrum.sandbox.method = "bwrap"; # TODO:sandbox: untested
electrum.sandbox.net = "all"; # TODO: probably want to make this run behind a VPN, always
electrum.sandbox.whitelistWayland = true;
electrum.persist.byStore.ephemeral = [ ".electrum" ]; #< TODO: use XDG dirs!
@@ -600,7 +592,6 @@ in
forkstat.sandbox.tryKeepUsers = true;
forkstat.sandbox.net = "all"; #< it errors without this, wish i knew why
fuzzel.sandbox.method = "bwrap";
fuzzel.sandbox.whitelistWayland = true;
fuzzel.persist.byStore.private = [
# this is a file of recent selections
@@ -831,7 +822,6 @@ in
lsof.sandbox.net = "all";
lsof.sandbox.extraPaths = [ "/" ];
ltex-ls.sandbox.method = "bwrap";
ltex-ls.sandbox.whitelistPwd = true;
lua = {};
@@ -843,7 +833,6 @@ in
marksman.sandbox.whitelistPwd = true;
mercurial.sandbox.method = "bwrap";
mercurial.sandbox.net = "clearnet";
mercurial.sandbox.whitelistPwd = true;
@@ -861,7 +850,6 @@ in
monero-gui.buildCost = 1;
# XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
monero-gui.persist.byStore.plaintext = [ ".bitmonero" ];
monero-gui.sandbox.method = "bwrap";
monero-gui.sandbox.net = "all";
monero-gui.sandbox.extraHomePaths = [
"records/finance/cryptocurrencies/monero"
@@ -885,7 +873,6 @@ in
networkmanagerapplet.sandbox.whitelistWayland = true;
networkmanagerapplet.sandbox.whitelistDbus = [ "system" ];
nil.sandbox.method = "bwrap";
nil.sandbox.whitelistPwd = true;
nil.sandbox.keepPids = true;
@@ -893,7 +880,6 @@ in
nixfmt-rfc-style.sandbox.autodetectCliPaths = "existingDirOrParent"; #< it formats via rename
nixpkgs-review.sandbox.method = "bwrap";
nixpkgs-review.sandbox.wrapperType = "inplace"; #< shell completions use full paths
nixpkgs-review.sandbox.net = "clearnet";
nixpkgs-review.sandbox.whitelistPwd = true;
@@ -1085,7 +1071,6 @@ in
strace.sandbox.enable = false; #< needs to `exec` its args, and therefore support *anything*
subversion.sandbox.method = "bwrap";
subversion.sandbox.net = "clearnet";
subversion.sandbox.whitelistPwd = true;
sudo.sandbox.enable = false;
@@ -1132,7 +1117,6 @@ in
"/sys/bus/usb"
];
vala-language-server.sandbox.method = "bwrap";
vala-language-server.sandbox.whitelistPwd = true;
vala-language-server.suggestedPrograms = [
# might someday support cmake, too: <https://github.com/vala-lang/vala-language-server/issues/73>
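Review bot: The electrum hunk (`@@ -525,7 +518,6`) loses its only `# TODO:sandbox: untested` marker, which sat on the `electrum.sandbox.method` line that is presumably the one removed, so nothing on the new side records that this wallet's sandbox was never verified, and the commit title says the new default is untested as well. Since electrum keeps `sandbox.net = "all"` and persists `.electrum`, I would carry the marker over, e.g. `electrum.sandbox.net = "all";  # TODO:sandbox: untested under the default method; probably want to make this run behind a VPN, always`. The `#< bwrap, landlock: both work` note on bridge-utils records which backends were actually exercised and would disappear the same way; it is worth keeping as a standalone comment. Which lines are removed is inferred from the hunk counts and the commit title, because the page has lost its `+`/`-` column.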

@@ -87,7 +87,6 @@ let
in
{
sane.programs.bemenu = {
sandbox.method = "bwrap"; # landlock works, but requires *all* of $XDG_RUNTIME_DIR to be granted.
sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [
".cache/fontconfig" #< else it complains, and is *way* slower

@@ -2,7 +2,6 @@
{
sane.programs.bitcoin-cli = {
packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.bitcoind "bitcoin-cli";
sandbox.method = "bwrap";
sandbox.autodetectCliPaths = "existing"; #< for `bitcoin-cli -datadir=/var/lib/...`
sandbox.extraHomePaths = [
".bitcoin/bitcoin.conf"

@@ -15,7 +15,6 @@
buildCost = 1;
sandbox.method = "bwrap";
sandbox.whitelistAudio = true;
sandbox.whitelistDbus = [ "user" ]; # mpris
sandbox.whitelistWayland = true;

@@ -3,7 +3,6 @@
sane.programs.evince = {
buildCost = 1;
sandbox.method = "bwrap";
sandbox.autodetectCliPaths = "existingFile";
sandbox.whitelistWayland = true;

@@ -79,7 +79,6 @@
];
#VVV flare complains if its data directory is a symlink, so put it in a subdirectory behind my persistence symlink.
env.FLARE_DATA_PATH = "$HOME/.local/share/flare/data";
# sandbox.method = "bwrap";
# sandbox.net = "clearnet";
# sandbox.whitelistWayland = true;
# sandbox.whitelistDbus = [

@@ -2,7 +2,6 @@
{
sane.programs.gdb = {
sandbox.enable = false; # gdb doesn't sandbox well. i don't know how you could.
# sandbox.method = "landlock"; # permission denied when trying to attach, even as root
sandbox.autodetectCliPaths = true;
fs.".config/gdb/gdbinit".symlink.text = ''
# enable commands like `py-bt`, `py-list`, etc.

@@ -47,7 +47,6 @@ in
package = lib.mkForce null;
# experimental sandboxing (2024/07/05)
# sandbox.method = "bwrap";
# sandbox.whitelistDbus = [
# "system"
# ];

@@ -41,7 +41,6 @@ in
});
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true; #< for dbus/polkit policies
sandbox.method = "bwrap";
sandbox.whitelistDbus = [ "system" ];
sandbox.extraPaths = [
"/run/udev/data"

@@ -45,7 +45,6 @@ let
in {
sane.programs.koreader = {
packageUnwrapped = pkgs.koreader-from-src;
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistDbus = [ "user" ]; # for opening the web browser via portal
sandbox.whitelistDri = true; # reduces startup time and subjective page flip time

@@ -2,7 +2,6 @@
{
sane.programs.lemoa = {
buildCost = 1;
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistDbus = [ "user" ]; # for clicking links
sandbox.whitelistDri = true;

@@ -17,7 +17,6 @@
];
fs.".config/compass.conf".symlink.target = "compass/compass.conf";
sandbox.method = "bwrap";
sandbox.extraPaths = [
"/sys/bus/iio/devices"
"/sys/devices"

@@ -26,7 +26,6 @@
# further, it doesn't use either portals or xdg-open to launch the image viewer.
# bwrap (loupe image viewer) doesn't like to run inside landlock
# "bwrap: failed to make / slave: Operation not permitted"
sandbox.method = "bwrap"; # supports landlock or bwrap
sandbox.whitelistDri = true;
sandbox.whitelistWayland = true;
sandbox.whitelistDbus = [ "user" ]; #< so that it can in theory open the image viewer using fdo portal... but it doesn't :|
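Review bot: The comment kept above the removed method line still explains the backend choice only in terms of landlock (`bwrap (loupe image viewer) doesn't like to run inside landlock`), and after this change nothing says which method the program runs under or whether the nested bwrap call works there. If the default named in the commit title (bunpen) now wraps that nested call, the comment should record that the combination is unverified, e.g. `# TODO:sandbox: nested bwrap (loupe) not yet verified under the default method; it fails under landlock with:` placed before the quoted error. The enclosing attribute set starts and ends outside the hunk.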

@@ -23,7 +23,6 @@
};
});
sandbox.method = "bwrap";
sandbox.whitelistDbus = [
"system"
];

@@ -1,7 +1,6 @@
{ ... }:
{
sane.programs.notejot = {
sandbox.method = "bwrap";
sandbox.whitelistWayland = true;
sandbox.whitelistDri = true; #< otherwise intolerably slow on moby
sandbox.extraHomePaths = [ ".config/dconf" ]; #< for legacy notes (moby), loaded via dconf

@@ -20,7 +20,6 @@ in
};
};
sandbox.method = "bwrap";
sandbox.net = "clearnet";
secrets.".config/ntfy-sh/topic" = ../../../secrets/common/ntfy-sh-topic.bin;

@@ -2,7 +2,6 @@
{ pkgs, ... }:
{
sane.programs.open-in-mpv = {
sandbox.method = "bwrap";
sandbox.whitelistDbus = [ "user" ]; # for xdg-open/portals
# taken from <https://github.com/Baldomo/open-in-mpv>

@@ -1,7 +1,6 @@
{ ... }:
{
sane.programs.planify = {
sandbox.method = "bwrap";
sandbox.whitelistDbus = [ "user" ]; # for dconf? else it can't persist any tasks/notes
sandbox.whitelistWayland = true;

@@ -15,7 +15,6 @@ let
) wantedFeeds;
in {
sane.programs.sfeed = {
sandbox.method = "bwrap";
sandbox.net = "clearnet";
fs.".sfeed/sfeedrc".symlink.text = ''

@@ -17,7 +17,6 @@
})
];
});
sandbox.method = "bwrap";
sandbox.whitelistWayland = true; # it calls into a dmenu helper
sandbox.extraHomePaths = [
".cache/rofi"

@@ -3,7 +3,6 @@
sane.programs.spot = {
buildCost = 1;
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistAudio = true;
sandbox.whitelistDbus = [ "user" ]; # mpris

@@ -1,7 +1,6 @@
{ ... }:
{
sane.programs.spotify = {
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistAudio = true;
sandbox.whitelistDbus = [ "user" ]; # mpris

@@ -1,7 +1,6 @@
{ ... }:
{
sane.programs.steam = {
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistAudio = true;
sandbox.whitelistDbus = [ "user" ]; #< to open https:// links in portal

@@ -27,7 +27,6 @@
];
xorg = pkgs.buildPackages.xorg; #< cross compilation fix (TODO: upstream)
};
sandbox.method = "bwrap";
sandbox.whitelistWayland = true;
sandbox.whitelistDbus = [ "system" ]; #< to speak with NetworkManager
sandbox.whitelistAudio = true; #< even with this, the sound plugin doesn't seem to work...

@@ -29,7 +29,6 @@ in
buildCost = 2;
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistAudio = true;
sandbox.whitelistDri = true;

@@ -14,7 +14,6 @@ in
# disable uneeded samba features to avoid an expensive samba build
samba = null;
};
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.autodetectCliPaths = "existing";
sandbox.whitelistAudio = true;

@@ -4,7 +4,6 @@
sane.programs.wally-cli = {
# sandboxing causes it to not discover devices post-launch.
# so you have to start wally AFTER pressing the 'flash' button.
sandbox.method = "bwrap";
sandbox.extraPaths = [
"/dev/bus/usb"
"/sys/bus/usb"

@@ -82,7 +82,6 @@ in
hyprlandSupport = false; #< doesn't cross. hyprland clowns are forking deps even like `wayland-scanner`, too much maintenance.
};
sandbox.method = "bwrap";
sandbox.net = "all"; #< to show net connection status and BW
sandbox.whitelistDbus = [
"user" #< for playerctl/media

@@ -6,7 +6,6 @@ let
in
{
sane.programs.waylock = {
sandbox.method = "bwrap";
sandbox.extraPaths = [
# N.B.: we need to be able to follow /etc/shadow to wherever it's symlinked.
# waylock seems (?) to offload password checking to pam's `unix_chkpwd`,

@@ -7,7 +7,6 @@
};
buildCost = 1;
sandbox.method = "bwrap";
sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [
"archive"

@@ -7,7 +7,6 @@ in
# rmDbusServices: because we care about ordering with the rest of the desktop, and don't want something else to auto-start this.
packageUnwrapped = pkgs.rmDbusServicesInPlace pkgs.xdg-desktop-portal-gtk;
sandbox.method = "bwrap";
sandbox.whitelistDbus = [ "user" ]; # speak to main xdg-desktop-portal
sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [

@@ -2,7 +2,6 @@
{
sane.programs.zathura = {
buildCost = 1;
sandbox.method = "bwrap";
sandbox.wrapperType = "inplace"; #< wrapper sets ZATHURA_PLUGINS_PATH to $out/lib/...
sandbox.whitelistDri = true;
sandbox.whitelistWayland = true;

@@ -1,7 +1,6 @@
{ ... }:
{
sane.programs.zulip = {
sandbox.method = "bwrap";
sandbox.net = "clearnet";
sandbox.whitelistDbus = [ "user" ]; # notifications (i hope!)
sandbox.whitelistWayland = true;