swaync: allow toggling of s6 services
This commit is contained in:
parent
e62be121e2
commit
9c0b175260
|
@ -58,6 +58,7 @@ in
|
|||
"user" # mpris; portal
|
||||
"system" # backlight
|
||||
];
|
||||
sandbox.whitelistS6 = true;
|
||||
sandbox.whitelistWayland = true;
|
||||
sandbox.extraPaths = [
|
||||
"/sys/class/backlight"
|
||||
|
|
|
@ -73,6 +73,7 @@ let
|
|||
++ lib.optionals sandbox.whitelistAudio [ "pipewire" "pulse" ] # this includes pipewire/pipewire-0-manager: is that ok?
|
||||
++ lib.optionals (builtins.elem "user" sandbox.whitelistDbus) [ "bus" ]
|
||||
++ lib.optionals sandbox.whitelistWayland [ "wayland" ] # app can still communicate with wayland server w/o this, if it has net access
|
||||
++ lib.optionals sandbox.whitelistS6 [ "s6" ] # TODO: this allows re-writing the services themselves: don't allow that!
|
||||
)
|
||||
);
|
||||
allowedPaths = [
|
||||
|
@ -386,6 +387,13 @@ let
|
|||
allow the program full access to whichever directory it was launched from.
|
||||
'';
|
||||
};
|
||||
sandbox.whitelistS6 = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
allow the program to start/stop s6 services.
|
||||
'';
|
||||
};
|
||||
sandbox.whitelistWayland = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
|
Loading…
Reference in New Issue