pipewire,wireplumber: fix sandboxing to allow portal-based camera apps (i.e. snapshot)
@@ -45,8 +45,21 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# disabling systemd causes pipewire to be built with direct udev support instead
|
packageUnwrapped = pkgs.pipewire.override {
|
||||||
packageUnwrapped = pkgs.pipewire.override { enableSystemd = false; };
|
# disabling systemd causes pipewire to be built with direct udev support instead.
|
||||||
|
# i added this probably because i don't use system'd logind?
|
||||||
|
enableSystemd = false;
|
||||||
|
# XXX(2024-11-29): patch to fix camera support on moby.
|
||||||
|
# see: <https://github.com/NixOS/nixpkgs/pull/353336>
|
||||||
|
# this is identical to the above patch, but less costly than cherry-picking it into nixpkgs-bootstrap,
|
||||||
|
# as that would force mass rebuilds.
|
||||||
|
# **remove once 353336 is merged**.
|
||||||
|
libcamera = pkgs.libcamera.overrideAttrs (upstream: {
|
||||||
|
postFixup = (upstream.postFixup or "") + ''
|
||||||
|
../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
suggestedPrograms = [
|
suggestedPrograms = [
|
||||||
# "rtkit"
|
# "rtkit"
|
||||||
@@ -55,16 +68,16 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
sandbox.whitelistAudio = true;
|
sandbox.whitelistAudio = true;
|
||||||
# sandbox.whitelistDbus = [
|
sandbox.whitelistDbus = [
|
||||||
# # dbus is used for rtkit integration
|
# dbus is used for rtkit integration
|
||||||
# # rtkit runs on the system bus.
|
# rtkit runs on the system bus.
|
||||||
# # xdg-desktop-portal then exposes this to the user bus.
|
# xdg-desktop-portal then exposes this to the user bus.
|
||||||
# # therefore, user bus should be all that's needed, but...
|
# therefore, user bus should be all that's needed, but...
|
||||||
# # xdg-desktop-portal-wlr depends on pipewire, hence pipewire has to start before xdg-desktop-portal.
|
# xdg-desktop-portal-wlr depends on pipewire, hence pipewire has to start before xdg-desktop-portal.
|
||||||
# # then, pipewire has to talk specifically to rtkit (system) and not go through xdp.
|
# then, pipewire has to talk specifically to rtkit (system) and not go through xdp.
|
||||||
# # "user"
|
# "system" #< not required UNLESS i want rtkit integration
|
||||||
# "system"
|
"user" #< required for camera sharing, especially through xdg-desktop-portal, e.g. `snapshot` application
|
||||||
# ];
|
];
|
||||||
sandbox.wrapperType = "inplace"; #< its config files refer to its binaries by full path
|
sandbox.wrapperType = "inplace"; #< its config files refer to its binaries by full path
|
||||||
sandbox.keepPidsAndProc = true; #< TODO: why?
|
sandbox.keepPidsAndProc = true; #< TODO: why?
|
||||||
sandbox.whitelistAvDev = true;
|
sandbox.whitelistAvDev = true;
|
||||||
|
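Review bot: `sandbox.whitelistDbus = [ "user" ]` exposes the entire user session bus to pipewire, not only the portal camera path that the inline comment cites; the same grant is added in the next file section (the `@@ -6,10 +6,10 @@` hunk, presumably wireplumber). The session bus usually carries services unrelated to media, so a compromised pipewire or wireplumber process gains reach well beyond camera sharing. If the sandbox layer can filter by bus name (not visible on this page), restrict the grant to the names the camera portal flow needs. Otherwise record the trade-off next to the entry, e.g. `# NOTE: grants the whole session bus; narrow to the portal/pipewire names once per-name filtering is available`. The uncommented rtkit/system-bus explanation now sits inside a list whose only active entry is `"user"`, so it would read better directly above the disabled `"system"` line.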
@@ -6,10 +6,10 @@
|
|||||||
pipewire = config.sane.programs.pipewire.packageUnwrapped;
|
pipewire = config.sane.programs.pipewire.packageUnwrapped;
|
||||||
};
|
};
|
||||||
|
|
||||||
# sandbox.whitelistDbus = [
|
sandbox.whitelistDbus = [
|
||||||
# "system" #< so it can request better scheduling from rtkit
|
# "system" #< so it can request better scheduling from rtkit
|
||||||
# # "user" #< apparently not needed?
|
"user" #< required for camera sharing, especially through xdg-desktop-portal, e.g. `snapshot` application
|
||||||
# ];
|
];
|
||||||
sandbox.whitelistAudio = true;
|
sandbox.whitelistAudio = true;
|
||||||
sandbox.whitelistAvDev = true;
|
sandbox.whitelistAvDev = true;
|
||||||
# sandbox.keepPids = true; #< needed if i want rtkit to grant this higher scheduling priority
|
# sandbox.keepPids = true; #< needed if i want rtkit to grant this higher scheduling priority
|
||||||
|