diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix index 512834dd5..ba5776011 100644 --- a/hosts/common/programs/assorted.nix +++ b/hosts/common/programs/assorted.nix @@ -604,7 +604,7 @@ in "/proc" ]; - fuzzel.sandbox.method = "bwrap"; #< landlock nearly works, but unable to open ~/.cache + fuzzel.sandbox.method = "bwrap"; fuzzel.sandbox.whitelistWayland = true; fuzzel.persist.byStore.private = [ # this is a file of recent selections diff --git a/hosts/common/programs/brightnessctl.nix b/hosts/common/programs/brightnessctl.nix index 0178e3b5f..50449d09b 100644 --- a/hosts/common/programs/brightnessctl.nix +++ b/hosts/common/programs/brightnessctl.nix @@ -4,7 +4,7 @@ let in { sane.programs.brightnessctl = { - sandbox.method = "bunpen"; # also bwrap, but landlock is more responsive + sandbox.method = "bunpen"; sandbox.extraPaths = [ "/sys/class/backlight" "/sys/class/leds" diff --git a/hosts/common/programs/cozy.nix b/hosts/common/programs/cozy.nix index 0a9b305a0..7ff5519b0 100644 --- a/hosts/common/programs/cozy.nix +++ b/hosts/common/programs/cozy.nix @@ -15,7 +15,7 @@ buildCost = 1; - sandbox.method = "bwrap"; # landlock gives: _multiprocessing.SemLock: Permission Denied + sandbox.method = "bwrap"; sandbox.whitelistAudio = true; sandbox.whitelistDbus = [ "user" ]; # mpris sandbox.whitelistWayland = true; diff --git a/hosts/common/programs/koreader/default.nix b/hosts/common/programs/koreader/default.nix index 50b8fc224..32aa4c90c 100644 --- a/hosts/common/programs/koreader/default.nix +++ b/hosts/common/programs/koreader/default.nix @@ -45,7 +45,7 @@ let in { sane.programs.koreader = { packageUnwrapped = pkgs.koreader-from-src; - sandbox.method = "bwrap"; # sandboxes fine under landlock too, except for FTP + sandbox.method = "bwrap"; sandbox.net = "clearnet"; sandbox.whitelistDbus = [ "user" ]; # for opening the web browser via portal sandbox.whitelistDri = true; # reduces startup time and subjective page flip time