colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

nwg-panel: sandbox with bunpen

Browse Source
This commit is contained in:
Colin
2024-09-03 14:56:09 +00:00
parent d474d159ac
commit a2bfb23253
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/common/programs/nwg-panel/default.nix
View File

@@ -187,7 +187,7 @@ in
playerctlChars = if cfg.config.mediaTitle then 60 else 0; playerctlChars = if cfg.config.mediaTitle then 60 else 0;
}); });
sandbox.method = "bwrap"; sandbox.method = "bunpen";
sandbox.whitelistAudio = true; sandbox.whitelistAudio = true;
sandbox.whitelistDri = true; sandbox.whitelistDri = true;
sandbox.whitelistS6 = true; sandbox.whitelistS6 = true;
@@ -197,6 +197,7 @@ in
"system" # for "shutdown" option to speak to systemd "system" # for "shutdown" option to speak to systemd
]; ];
sandbox.extraPaths = [ sandbox.extraPaths = [
"/proc" #< probably needed for recursive bwrap sandboxing?
"/run/systemd" #< for "shutdown" option "/run/systemd" #< for "shutdown" option
"/sys/class/backlight" "/sys/class/backlight"
"/sys/class/leds" #< for torch/flashlight on moby "/sys/class/leds" #< for torch/flashlight on moby