gparted: sandbox with bunpen

hosts/common/programs/assorted.nix

@@ -672,7 +672,8 @@ in
     ];
 
     # gparted: run with `sudo -E gparted` (-E to keep the wayland socket)
-    gparted.sandbox.method = "landlock";
+    gparted.sandbox.method = "bunpen";
+    gparted.sandbox.tryKeepUsers = true;
     gparted.sandbox.capabilities = [ "dac_override" "sys_admin" ];
     gparted.sandbox.extraPaths = [
       "/dev"  #< necessary to see any devices
@@ -682,6 +683,7 @@ in
     gparted.sandbox.extraRuntimePaths = [
       "dconf"  #< silences "unable to create file '/run/user/colin/dconf/user': Permission denied.  dconf will not work properly."
     ];
+    gparted.sandbox.whitelistWayland = true;
 
     hping.sandbox.method = "bunpen";
     hping.sandbox.net = "all";