make-sandboxed: handle more systemd/dbus service file locations

2024-05-28 13:35:17 +00:00 · 2024-05-28 13:35:17 +00:00 · be38d56717
commit be38d56717
parent 7d242ab02c
1 changed files with 10 additions and 4 deletions
--- a/modules/programs/make-sandboxed.nix
+++ b/modules/programs/make-sandboxed.nix
@ -117,6 +117,10 @@ let
      mkdir -p "$out/bin"
      ${buildPackages.xorg.lndir}/bin/lndir "${package}/bin" "$out/bin"
    fi
+    if [ "$(readlink ${package}/sbin)" == "bin" ]; then
+      # weird packages like wpa_supplicant depend on a sbin/ -> bin symlink in their service files
+      ln -s bin "$out/sbin"
+    fi
    if [ -e "${package}/libexec" ]; then
      mkdir -p "$out/libexec"
      ${buildPackages.xorg.lndir}/bin/lndir "${package}/libexec" "$out/libexec"
@ -128,7 +132,7 @@ let
    meta = extractMeta package;
  });

-  # helper used for `wrapperType == "wrappedDerivation"` which ensures that and copied/symlinked share/ files (like .desktop) files
+  # helper used for `wrapperType == "wrappedDerivation"` which ensures that any copied/symlinked share/ files (like .desktop) files
  # don't point to the unwrapped binaries.
  # other important files it preserves:
  # - share/applications
@ -136,6 +140,7 @@ let
  # - share/icons
  # - share/man
  # - share/mime
+  # - {etc,lib,share}/systemd
  fixHardcodedRefs = unsandboxed: sandboxedBin: unsandboxedNonBin: unsandboxedNonBin.overrideAttrs (prevAttrs: {
    postInstall = (prevAttrs.postInstall or "") + ''
      trySubstitute() {
@ -155,17 +160,18 @@ let
      # fixup a few files i understand well enough
      for d in \
        $out/etc/xdg/autostart/*.desktop \
-        $out/lib/systemd/user/*.service \
        $out/share/applications/*.desktop \
-        $out/share/dbus-1/services/*.service \
-        $out/share/systemd/user/*.service \
+        $out/share/dbus-1/{services,system-services}/*.service \
+        $out/{etc,lib,share}/systemd/{system,user}/*.service \
      ; do
        # dbus and desktop files
        trySubstitute "$d" "Exec=%s/bin/"
        trySubstitute "$d" "Exec=%s/libexec/"
+        trySubstitute "$d" "Exec=%s/sbin/"
        # systemd service files
        trySubstitute "$d" "ExecStart=%s/bin/"
        trySubstitute "$d" "ExecStart=%s/libexec/"
+        trySubstitute "$d" "ExecStart=%s/sbin/"
      done
    '';
    passthru = (prevAttrs.passthru or {}) // {