diff --git a/modules/programs/default.nix b/modules/programs/default.nix
index 3f543ae7..7e8dcfd5 100644
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -105,21 +105,33 @@ let
 null;
 allowedPaths = expandSymlinks allowedPaths;
 };
- in
- makeSandboxed {
+ defaultProfile = sandboxProfilesFor config.sane.defaultUser;
+ makeSandboxedArgs = {
 inherit pkgName package;
 inherit (sandbox)
 binMap
 embedSandboxer
 wrapperType
 ;
- # extraSandboxerArgs = lib.optionals sandbox.embedProfile [
- # "--sane-sandbox-profile-dir" "${profilePkg}/share/sane-sandboxed/profiles"
- # ];
+ };
+ in
+ makeSandboxed (makeSandboxedArgs // {
 passthru = {
 inherit sandboxProfilesFor;
+ withEmbeddedSandboxer = makeSandboxed (makeSandboxedArgs // {
+ # embed the sandboxer AND a profile, whichever profile the package would have if installed by the default user.
+ # useful to iterate a package's sandbox config without redeploying.
+ embedSandboxer = true;
+ extraSandboxerArgs = [
+ "--sane-sandbox-profile-dir" "${defaultProfile}/share/sane-sandboxed/profiles"
+ ];
+ });
+ withEmbeddedSandboxerOnly = makeSandboxed (makeSandboxedArgs // {
+ # embed the sandboxer but no profile. useful pretty much only for testing changes within the actual sandboxer.
+ embedSandboxer = true;
+ });
 };
- }
+ })
 );
 pkgSpec = with lib; types.submodule ({ config, name, ... }: {
 options = {
diff --git a/modules/programs/make-sandboxed.nix b/modules/programs/make-sandboxed.nix
index 9ac245cf..698362d0 100644
--- a/modules/programs/make-sandboxed.nix
+++ b/modules/programs/make-sandboxed.nix
@@ -276,7 +276,6 @@ let
 # allow the user to build this package, but sandboxed in a different manner.
 # e.g. `.sandboxedBy.inplace`.
 inherit sandboxedBy;
- withEmbeddedSandboxer = make-sandboxed (args // { embedSandboxer = true; });
 })
 ;
 in make-sandboxed
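Review bot: The comments on `withEmbeddedSandboxer` and `withEmbeddedSandboxerOnly` in modules/programs/default.nix describe them as iteration and testing aids but do not state their security contract. `withEmbeddedSandboxer` hard-wires `--sane-sandbox-profile-dir` to the profile built for `config.sane.defaultUser`, so whoever runs the result gets that user's allow-list rather than their own. Nothing visible in this hunk says what the sandboxer does in `withEmbeddedSandboxerOnly` when no profile directory is supplied; presumably it looks one up at runtime, but if it can start the program unconfined, the comment should say so. I would add `# dev/test output only: embeds the default user's profile, not the invoking user's; do not install` above the first and `# no profile embedded: the sandboxer must locate one at runtime (confirm it refuses to run otherwise)` above the second. The enclosing `let` binding begins and ends outside the hunk.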