diff --git a/hosts/common/programs/geoclue-demo-agent.nix b/hosts/common/programs/geoclue-demo-agent.nix
index d24ac28d..dba0b4f3 100644
--- a/hosts/common/programs/geoclue-demo-agent.nix
+++ b/hosts/common/programs/geoclue-demo-agent.nix
@@ -7,8 +7,15 @@
 path = "${config.sane.programs.geoclue2.packageUnwrapped}/libexec/geoclue-2.0/demos/agent";
 }];
 
+ sandbox.method = "bwrap";
+ sandbox.whitelistDbus = [
+ "system"
+ ];
+
 services.geoclue-agent = {
 description = "geoclue 'demo' agent";
+ # XXX: i don't actually understand how this works: upstream dbus rules would appear to restrict
+ # the dbus owner to just root/geoclue, but we're neither and this still works (and breaks if i remove the agent service!)
 command = "geoclue-demo-agent";
 partOf = [ "graphical-session" ];
 };
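Review bot: `sandbox.whitelistDbus = [ "system" ]` gives the bwrap-sandboxed agent the whole system bus, while the XXX comment under `services.geoclue-agent` admits the D-Bus authorization that makes this work is not understood, so what the sandbox actually exposes is undocumented. A likely explanation, to be confirmed against the installed geoclue D-Bus policy files, is that the agent registers with the GeoClue2 manager over its own connection instead of owning a well-known name, and that the root/geoclue restriction governs who may send to the agent interface. Once confirmed, replace the XXX with something like `# agent owns no bus name; it registers with the geoclue manager, so it only needs to reach the system bus`. If the sandbox module supports per-destination filtering (not visible in this hunk), narrowing the whitelist to the GeoClue2 service would keep the agent from talking to unrelated system services. The enclosing attribute set starts and ends outside the hunk.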