colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: re-enable sandbox for tumiki-fighters and losslesscut (X applications)

Browse Source
This commit is contained in:
Colin 2024-02-15 00:09:40 +00:00
parent 5f1036118f
commit dcc2eb265d
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
hosts/common/programs/assorted.nix
View File

@ -385,20 +385,20 @@ in
libnotify.sandbox.wrapperType = "wrappedDerivation";
libnotify.sandbox.whitelistDbus = [ "user" ]; # notify-send
# TODO: losslesscut: requires X server (Xwayland); sandbox can't find it..?
# losslesscut-bin.sandbox.method = "bwrap";
# losslesscut-bin.sandbox.wrapperType = "wrappedDerivation";
# losslesscut-bin.sandbox.extraHomePaths = [
# "Music"
# "Pictures" # i have some videos in there too.
# "Pictures/servo-macros"
# "Videos"
# "Videos/servo"
# "tmp"
# ];
# losslesscut-bin.sandbox.whitelistAudio = true;
# losslesscut-bin.sandbox.whitelistDri = true;
# losslesscut-bin.sandbox.whitelistWayland = true;
losslesscut-bin.sandbox.method = "bwrap";
losslesscut-bin.sandbox.wrapperType = "wrappedDerivation";
losslesscut-bin.sandbox.extraHomePaths = [
"Music"
"Pictures" # i have some videos in there too.
"Pictures/servo-macros"
"Videos"
"Videos/servo"
"tmp"
];
losslesscut-bin.sandbox.whitelistAudio = true;
losslesscut-bin.sandbox.whitelistDri = true;
losslesscut-bin.sandbox.whitelistWayland = true;
losslesscut-bin.sandbox.whitelistX = true;
mercurial.sandbox.method = "bwrap"; # TODO:sandbox: untested
mercurial.sandbox.wrapperType = "wrappedDerivation";
@ -510,12 +510,12 @@ in
tree.sandbox.autodetectCliPaths = true;
tree.sandbox.whitelistPwd = true;
# TODO: tumiki-fighters: requires X server (Xwayland); sandbox can't find it..?
# tumiki-fighters.sandbox.method = "bwrap";
# tumiki-fighters.sandbox.wrapperType = "wrappedDerivation";
# tumiki-fighters.sandbox.whitelistAudio = true;
# tumiki-fighters.sandbox.whitelistDri = true; #< TODO: not sure if necessary
# tumiki-fighters.sandbox.whitelistWayland = true;
tumiki-fighters.sandbox.method = "bwrap";
tumiki-fighters.sandbox.wrapperType = "wrappedDerivation";
tumiki-fighters.sandbox.whitelistAudio = true;
tumiki-fighters.sandbox.whitelistDri = true; #< not strictly necessary, but triples CPU perf
tumiki-fighters.sandbox.whitelistWayland = true;
tumiki-fighters.sandbox.whitelistX = true;
unzip.sandbox.method = "bwrap";
unzip.sandbox.wrapperType = "wrappedDerivation";