colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: dino: restrict dbus

Browse Source
This commit is contained in:
Colin
2025-01-10 01:56:25 +00:00
parent 3fffc50975
commit ec816311f9
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/common/programs/dino.nix
View File

@@ -58,14 +58,22 @@ in
webrtc-audio-processing = null; webrtc-audio-processing = null;
}; };
suggestedPrograms = [ # suggestedPrograms = [
"gnome-keyring" # "gnome-keyring"
]; # ];
sandbox.net = "clearnet"; sandbox.net = "clearnet";
sandbox.whitelistAudio = true; sandbox.whitelistAudio = true;
sandbox.whitelistDbus.user = true; #< TODO: reduce # notifications # sandbox.whitelistDbus.user.call."org.freedesktop.secrets" = "*"; #< apparently not needed?
sandbox.whitelistDbus.user.own = [ "im.dino.Dino" ];
sandbox.whitelistDri = true; #< not strictly necessary, but we need all the perf we can get on moby sandbox.whitelistDri = true; #< not strictly necessary, but we need all the perf we can get on moby
sandbox.whitelistSendNotifications = true;
sandbox.whitelistPortal = [
# "FileChooser"
# "NetworkMonitor" #< stderr message if omitted, but non-fatal
"OpenURI"
"ProxyResolver" #< REQUIRED, else all peers will appear offline & messages can't be sent/received
];
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"