454c109ef8
seatd: sandbox with bunpen
2024-09-07 15:39:50 +00:00
4dfc0bf323
sane-open: fix keyboard toggling to be compatible with bunpen
2024-09-07 08:36:32 +00:00
2d1e7777e8
sm64ex-coop-deluxe: ship (and configure so that you don't have to drag the rom)
2024-09-07 06:21:11 +00:00
1d5f71f935
satellite: sandbox with bunpen
2024-09-07 05:44:40 +00:00
41a132dd9a
geoclue-demo-agent: sandbox with bunpen
2024-09-07 04:31:53 +00:00
51350d228d
where-am-i: sandbox with bunpen
2024-09-07 04:29:45 +00:00
e9a289cc87
gps-share: sandbox with bunpen
2024-09-07 04:27:20 +00:00
de47a0521d
wvkbd: sandbox with bunpen
2024-09-07 02:14:20 +00:00
412e698786
bunpen: forward signals through the PID namespace
this should enable things like wvkbd -- which depend on signals -- to function while sandboxed
2024-09-07 01:43:34 +00:00
ed7c5ef89a
bunpen: forward signals to the child
note that pid namespaces will silently not deliver signals to PID 1 for which no handler is installed... i'll have to either install an intermediary PID 1 which forwards to the real process, or peek into /proc/PID/status to check if the signal is deliverable before/after sending it (but that's racy, and eww parsing)
2024-09-06 23:16:10 +00:00
9814cb5ad7
bunpen: errors::ext::check: support errors::error
2024-09-06 23:13:21 +00:00
b6d8aa614c
bunpen: fix so the integration tests are actually run during the nix build
heh
2024-09-06 18:29:20 +00:00
24440b059c
bunpen: write tests for signal deliverability (which shows that the current behavior is incorrect)
2024-09-06 18:12:05 +00:00
53ec44b3de
nixpkgs: 0-unstable-2024-09-05 -> 24.05-unstable-2024-09-06
N.B.: the different "revs" got merged again while i wasn't looking...
2024-09-06 17:00:05 +00:00
e9cd3069fa
nixpkgs-wayland: 0-unstable-2024-09-02 -> 0-unstable-2024-09-06
2024-09-06 16:59:23 +00:00
7b4fc029b2
sops-nix: assets-unstable-2024-09-01 -> assets-unstable-2024-09-05
2024-09-06 16:59:03 +00:00
cc6e99361d
uassets: 0-unstable-2024-09-05 -> 0-unstable-2024-09-06
2024-09-06 16:58:46 +00:00
ca3dc42586
rsync: sandbox with tryKeepUsers. this lets us rsync things owned by any user, not just the non-superuser invoker
2024-09-06 06:33:45 +00:00
8255e419be
modules/programs: rename "keepUsers" -> "tryKeepUsers"
2024-09-06 06:32:49 +00:00
9bd5a7e4e4
bunpen: implement --bunpen-try-keep-users to try to keep the user namespace, but create a new one if keeping the existing one would require less sandboxing elsewhere
2024-09-06 06:25:27 +00:00
baf5aab4b9
sshfs-fuse: sandbox with bunpen
2024-09-06 06:04:23 +00:00
ce7474603f
sway: fix config to not use Xwayland-specific settings
2024-09-06 05:41:34 +00:00
bf6053985f
xwayland: sandbox with bunpen
2024-09-06 05:34:08 +00:00
c0106c9196
scripts/deploy: deploy to moby over wireguard by default, but allow this to be customized broadly
2024-09-06 05:30:59 +00:00
038e21a447
schlock: sandbox with bunpen
2024-09-06 05:27:19 +00:00
6596bad162
foliate: sandbox with bunpen
2024-09-06 05:25:20 +00:00
c46c5bb3ca
komikku: sandbox with bunpen
2024-09-06 05:24:48 +00:00
8079cc47bf
nwg-panel: simplify sandbox definition
2024-09-06 05:23:33 +00:00
8c802ddc1a
epiphany: sandbox with bunpen
2024-09-06 05:23:00 +00:00
1ed27c166e
wike: sandbox with bunpen
2024-09-06 05:21:55 +00:00
82dcd40829
sane-input-handler: sandbox with bunpen
2024-09-06 05:21:38 +00:00
c6af2c8e02
bonsai: sandbox with bunpen
2024-09-06 05:20:51 +00:00
8bdb711968
grimshot: fix sandboxing so that wl-clipboard can actually copy stuff to the clipboard
2024-09-06 04:57:53 +00:00
4b96d10980
swappy: sandbox with bunpen
2024-09-06 04:35:50 +00:00
346b887779
sane-screenshot: simplify by using grimshot savecopy command instead of separate copy + wl-paste to file
2024-09-06 04:34:51 +00:00
6e30527688
modules/programs: simplify the common combination of keeping pids AND /proc by introducing "keepPidsAndProc"
2024-09-06 04:18:46 +00:00
9340f52df1
modules/programs: rename isolatePids -> keepPids, isolateUsers -> keepUsers
this follows my explicit whitelisting elsewhere
2024-09-06 04:06:42 +00:00
cc90183ca2
blast-ugjka: sandbox with bunpen
2024-09-06 03:52:36 +00:00
31d475bf88
sane-cast: sandbox with bunpen
2024-09-06 03:42:03 +00:00
329a02f475
gnome-keyring-daemon: sandbox with bunpen
2024-09-06 03:12:00 +00:00
e3dda5b140
grimshot: sandbox with bunpen
2024-09-06 02:31:20 +00:00
876ec637c2
stepmania: shift the data dir patch upstream
2024-09-06 02:21:08 +00:00
d338826855
stepmania: sandbox with bunpen
2024-09-06 01:44:11 +00:00
b770a77257
stepmania: simplify the wrapping
2024-09-06 01:41:20 +00:00
b289f13779
stepmania: wrap in a way which doesn't require manually cding to the data dir
2024-09-06 01:19:13 +00:00
d8664cd88b
stepmania: fix fs paths to point to valid data
2024-09-06 01:17:21 +00:00
5270c41347
avahi: fix ip6tables firewall rule
2024-09-06 01:17:21 +00:00
850c975321
modules/programs: when sandboxing, use makeBinaryWrapper if supported
2024-09-06 01:17:21 +00:00
b1b12c353d
sm64ex-coop-deluxe: init
2024-09-05 23:43:42 +00:00
3934d9c5a5
sway: fix sm64ex syntax error
2024-09-05 23:39:21 +00:00