programs: gnome.seahorse: sandbox

2024-02-25 12:03:42 +00:00 · 2024-02-25 12:03:42 +00:00 · ca36fe1b96
commit ca36fe1b96
parent d2df668c9e
1 changed files with 7 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -448,6 +448,13 @@ in
    "gnome.gnome-disk-utility".sandbox.whitelistDbus = [ "system" ];
    "gnome.gnome-disk-utility".sandbox.whitelistWayland = true;

+    # seahorse: dump gnome-keyring secrets.
+    # N.B.: it can also manage ~/.ssh keys, but i explicitly don't add those to the sandbox for now.
+    "gnome.seahorse".sandbox.method = "bwrap";
+    "gnome.seahorse".sandbox.wrapperType = "wrappedDerivation";
+    "gnome.seahorse".sandbox.whitelistDbus = [ "user" ];
+    "gnome.seahorse".sandbox.whitelistWayland = true;
+
    gnome-2048.sandbox.method = "bwrap";
    gnome-2048.sandbox.wrapperType = "wrappedDerivation";
    gnome-2048.sandbox.whitelistWayland = true;