gnome-keyring: ensure the keyring directory is created before entering the sandbox

2024-03-16 09:21:28 +00:00
parent 70b5c57b50
commit df2310d590


@@ -8,7 +8,8 @@ in
sandbox.method = "bwrap"; sandbox.method = "bwrap";
sandbox.whitelistDbus = [ "user" ]; sandbox.whitelistDbus = [ "user" ];
sandbox.extraRuntimePaths = [ sandbox.extraRuntimePaths = [
"keyring/control" "keyring" #< only needs keyring/control, but has to *create* that.
# "keyring/control"
]; ];
sandbox.capabilities = [ sandbox.capabilities = [
# ipc_lock: used to `mlock` the secrets so they don't get swapped out. # ipc_lock: used to `mlock` the secrets so they don't get swapped out.
@@ -54,6 +55,7 @@ in
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets"; ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0700 -p %t/keyring";
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
RestartSec = "20s"; RestartSec = "20s";
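Review bot: The new `ExecStartPre` in the second hunk only guarantees 0700 when it creates `%t/keyring` itself; `mkdir -m 0700 -p` leaves the mode of an already-existing directory untouched, so a directory that was created earlier with a wider mode (by another unit, a previous unsandboxed run, or a manual step) is silently reused and the secrets socket ends up reachable by other users of the runtime directory. Since the bind in the first hunk is now the whole `keyring` directory rather than just `keyring/control`, that mode is what stands between the daemon's control socket and anything else with access to `%t`. A form that enforces the mode on an existing directory as well, `ExecStartPre = "${pkgs.coreutils}/bin/install -d -m 0700 %t/keyring";`, removes the dependency on who created it first. In the first hunk the disabled `# "keyring/control"` entry is now dead configuration next to a comment that already explains the widening; dropping it (or folding the reason into the `#<` comment) keeps the list self-explanatory. The `serviceConfig` attribute set opened in this hunk closes outside it.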