From ab15d2a99165390570ffc9a41512f28c94ba848c Mon Sep 17 00:00:00 2001
From: Colin
Date: Mon, 2 Sep 2024 12:02:32 +0000
Subject: [PATCH] programs: replace gnome-disk-utility with gparted

the latter *appears* to work better when sandboxed
---
 hosts/common/programs/assorted.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 1e89009bd..2fadd7679 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -372,7 +372,8 @@ in
 "gimp" # broken on phosh
 # "gnome.dconf-editor"
 # "gnome.file-roller"
- "gnome-disk-utility"
+ # "gnome-disk-utility"
+ "gparted"
 "nautilus" # file browser
 # "gnome.totem" # video player, supposedly supports UPnP
 # "handbrake" #< TODO: fix build
@@ -652,6 +653,7 @@ in
 gnome-calendar.sandbox.whitelistWayland = true;
 
 # gnome-disks
+ # XXX(2024-09-02): fails to show any disks even when run as `SANEBOX_DISABLE=1 sudo -E gnome-disks`.
 gnome-disk-utility.buildCost = 1;
 gnome-disk-utility.sandbox.method = "bwrap";
 gnome-disk-utility.sandbox.whitelistDbus = [ "system" ];
@@ -662,6 +664,18 @@ in
 # TODO: probably need /dev and such
 ];
 
+ # gparted: run with `sudo -E gparted` (-E to keep the wayland socket)
+ gparted.sandbox.method = "landlock";
+ gparted.sandbox.capabilities = [ "dac_override" "sys_admin" ];
+ gparted.sandbox.extraPaths = [
+ "/dev" #< necessary to see any devices
+ "/proc" #< silences segfaults when it invokes `pidof` on its children
+ "/sys" #< silences "partition has been written but unable to inform the kernel ..."
+ ];
+ gparted.sandbox.extraRuntimePaths = [
+ "dconf" #< silences "unable to create file '/run/user/colin/dconf/user': Permission denied. dconf will not work properly."
+ ];
+
 hping.sandbox.method = "landlock";
 hping.sandbox.net = "all";
 hping.sandbox.capabilities = [ "net_raw" ];
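Review bot: `gparted.sandbox.capabilities = [ "dac_override" "sys_admin" ];` in the third hunk is the one added line with no comment saying what needs it, while every extraPaths entry explains itself; combined with the `/dev` whitelist and the `sudo -E` launch documented on the line above, the program holds raw block-device access plus capabilities that are widely treated as root-equivalent, so the landlock path list limits accidental damage rather than confining a compromised gparted. I would record that expectation beside the line, e.g. `# NOTE: with raw /dev access plus sys_admin this sandbox is a guard rail, not a boundary; gparted can read/write any filesystem on the machine by design`, and add a short per-capability reason (presumably partition-table ioctls and mount for sys_admin, permission bypass on device nodes for dac_override — confirm) so a later reviewer can tell whether either can be dropped. The `"/proc" #< silences segfaults ...` entry describes masking a crash rather than its cause; naming what gparted reads under /proc when it runs `pidof` would make that entry easier to revisit. The attribute set these lines belong to starts and ends outside the hunk.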