colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/programs: properly forward autodetectCliPaths to the sandboxer

Browse Source
This commit is contained in:
Colin
2024-01-28 10:31:07 +00:00
parent e84da827c2
commit f100595257
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/programs/default.nix
View File

@@ -43,7 +43,7 @@ let
in in
makeSandboxed { makeSandboxed {
inherit pkgName package; inherit pkgName package;
inherit (sandbox) binMap capabilities embedProfile extraConfig method whitelistPwd wrapperType; inherit (sandbox) autodetectCliPaths binMap capabilities embedProfile extraConfig method whitelistPwd wrapperType;
vpn = if net == "vpn" then vpn else null; vpn = if net == "vpn" then vpn else null;
allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths; allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths;
allowedRootPaths = [ allowedRootPaths = [

2
modules/programs/make-sandboxed.nix
View File

@@ -34,7 +34,7 @@ let
runHook postFixup runHook postFixup
''; '';
in in
{ pkgName, package, method, wrapperType, vpn ? null, allowedHomePaths ? [], allowedRootPaths ? [], autodetectCliPaths ? false, binMap ? {}, capabilities ? [], extraConfig ? [], embedProfile ? false, whitelistPwd ? false }: { pkgName, package, method, wrapperType, vpn ? null, allowedHomePaths ? [], allowedRootPaths ? [], autodetectCliPaths ? false, binMap ? {}, capabilities ? [], embedProfile ? false, extraConfig ? [], whitelistPwd ? false }:
let let
sane-sandboxed' = sane-sandboxed.meta.mainProgram; #< load by bin name to reduce rebuilds sane-sandboxed' = sane-sandboxed.meta.mainProgram; #< load by bin name to reduce rebuilds