iio-sensor-proxy: sandbox
This commit is contained in:
parent
ca2ac89cec
commit
828d4fcc9c
@ -40,6 +40,14 @@ in
|
|||||||
];
|
];
|
||||||
});
|
});
|
||||||
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true; #< for dbus/polkit policies
|
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true; #< for dbus/polkit policies
|
||||||
|
|
||||||
|
sandbox.method = "bwrap";
|
||||||
|
sandbox.whitelistDbus = [ "system" ];
|
||||||
|
sandbox.extraPaths = [
|
||||||
|
"/run/udev/data"
|
||||||
|
"/sys/bus"
|
||||||
|
"/sys/devices"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
|
services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
|
||||||
# services.dbus.packages = lib.mkIf cfg.enabled [ cfg.package ]; #< for bus ownership policy
|
# services.dbus.packages = lib.mkIf cfg.enabled [ cfg.package ]; #< for bus ownership policy
|
||||||
|
Loading…
Reference in New Issue
Block a user