geoclue-demo-agent: sandbox
This commit is contained in:
parent
44c4e88b90
commit
9c523b3ddd
@ -7,8 +7,15 @@
|
|||||||
path = "${config.sane.programs.geoclue2.packageUnwrapped}/libexec/geoclue-2.0/demos/agent";
|
path = "${config.sane.programs.geoclue2.packageUnwrapped}/libexec/geoclue-2.0/demos/agent";
|
||||||
}];
|
}];
|
||||||
|
|
||||||
|
sandbox.method = "bwrap";
|
||||||
|
sandbox.whitelistDbus = [
|
||||||
|
"system"
|
||||||
|
];
|
||||||
|
|
||||||
services.geoclue-agent = {
|
services.geoclue-agent = {
|
||||||
description = "geoclue 'demo' agent";
|
description = "geoclue 'demo' agent";
|
||||||
|
# XXX: i don't actually understand how this works: upstream dbus rules would appear to restrict
|
||||||
|
# the dbus owner to just root/geoclue, but we're neither and this still works (and breaks if i remove the agent service!)
|
||||||
command = "geoclue-demo-agent";
|
command = "geoclue-demo-agent";
|
||||||
partOf = [ "graphical-session" ];
|
partOf = [ "graphical-session" ];
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user