xwayland: sandbox

This commit is contained in:
2024-02-23 01:05:24 +00:00
parent 5819f07181
commit af03b3f6e8
2 changed files with 9 additions and 3 deletions

View File

@@ -927,7 +927,7 @@ in
wl-clipboard.sandbox.whitelistWayland = true;
xwayland.sandbox.method = "bwrap";
xwayland.sandbox.wrapperType = "wrappedDerivation";
xwayland.sandbox.wrapperType = "inplace"; #< consumers use it as a library (e.g. wlroots)
xwayland.sandbox.whitelistWayland = true; #< just assuming this is needed
xwayland.sandbox.net = "clearnet"; #< just assuming this is needed (X11 traffic)
xwayland.sandbox.whitelistDri = true; #< would assume this gives better gfx perf

View File

@@ -27,7 +27,12 @@ let
configuredSway
];
};
swayPackage = wrapSway (pkgs.sway-unwrapped.overrideAttrs (_: {
swayPackage = wrapSway (
(pkgs.sway-unwrapped.override {
# wlroots seems to launch Xwayland itself, and i can't easily just do that myself externally.
# so in order for the Xwayland it launches to be sandboxed, i need to patch the sandboxed version in here.
wlroots_0_16 = pkgs.wlroots_0_16.override { xwayland = config.sane.programs.xwayland.package; };
}).overrideAttrs (_: {
# isNixOS = true; #< doesn't matter
#
# about xwayland:
@@ -39,7 +44,8 @@ let
# TODO: something else is dragging a xwayland-enabled wlroots into the environment,
# making this actually kinda wasteful.
enableXWayland = config.sane.programs.xwayland.enabled;
}));
})
);
in
{
sane.programs.sway = {