modules/programs: re-introduce the "withEmbeddedSandboxer" passthru attr
This commit is contained in:
parent
2b9db897a1
commit
7b28023e08
|
@ -105,21 +105,33 @@ let
|
|||
null;
|
||||
allowedPaths = expandSymlinks allowedPaths;
|
||||
};
|
||||
in
|
||||
makeSandboxed {
|
||||
defaultProfile = sandboxProfilesFor config.sane.defaultUser;
|
||||
makeSandboxedArgs = {
|
||||
inherit pkgName package;
|
||||
inherit (sandbox)
|
||||
binMap
|
||||
embedSandboxer
|
||||
wrapperType
|
||||
;
|
||||
# extraSandboxerArgs = lib.optionals sandbox.embedProfile [
|
||||
# "--sane-sandbox-profile-dir" "${profilePkg}/share/sane-sandboxed/profiles"
|
||||
# ];
|
||||
};
|
||||
in
|
||||
makeSandboxed (makeSandboxedArgs // {
|
||||
passthru = {
|
||||
inherit sandboxProfilesFor;
|
||||
withEmbeddedSandboxer = makeSandboxed (makeSandboxedArgs // {
|
||||
# embed the sandboxer AND a profile, whichever profile the package would have if installed by the default user.
|
||||
# useful to iterate a package's sandbox config without redeploying.
|
||||
embedSandboxer = true;
|
||||
extraSandboxerArgs = [
|
||||
"--sane-sandbox-profile-dir" "${defaultProfile}/share/sane-sandboxed/profiles"
|
||||
];
|
||||
});
|
||||
withEmbeddedSandboxerOnly = makeSandboxed (makeSandboxedArgs // {
|
||||
# embed the sandboxer but no profile. useful pretty much only for testing changes within the actual sandboxer.
|
||||
embedSandboxer = true;
|
||||
});
|
||||
};
|
||||
}
|
||||
})
|
||||
);
|
||||
pkgSpec = with lib; types.submodule ({ config, name, ... }: {
|
||||
options = {
|
||||
|
|
|
@ -276,7 +276,6 @@ let
|
|||
# allow the user to build this package, but sandboxed in a different manner.
|
||||
# e.g. `<pkg>.sandboxedBy.inplace`.
|
||||
inherit sandboxedBy;
|
||||
withEmbeddedSandboxer = make-sandboxed (args // { embedSandboxer = true; });
|
||||
})
|
||||
;
|
||||
in make-sandboxed
|
||||
|
|
Loading…
Reference in New Issue
Block a user