|
|
9ba8ff738b
|
refactor: sane.programs.$foo.service: specify type concretely
|
2024-05-30 03:39:32 +00:00 |
|
|
|
f1d397940f
|
seatd: patch sandboxing for desko
|
2024-05-29 19:42:45 +00:00 |
|
|
|
fa94fa8e6c
|
seatd: sandbox with bwrap
it always surprises my that you can sandbox something with cap_sys_admin like this...
i think this works *only* because the user is root
|
2024-05-29 19:09:57 +00:00 |
|
|
|
4b9c125c8c
|
seatd: sandbox
|
2024-05-29 18:58:38 +00:00 |
|
|
|
0f7d25d8a5
|
doc: sway: say why i wrapperType = "inplace"
|
2024-05-29 18:58:05 +00:00 |
|
|
|
140641729e
|
gvfs: disable (it was broken)
|
2024-05-29 18:39:31 +00:00 |
|
|
|
32124d76bf
|
cups: disable (not currently used, and not sandboxed)
|
2024-05-29 18:33:17 +00:00 |
|
|
|
c5c174f988
|
sway: patch to use a narrower sandbox
|
2024-05-29 18:24:59 +00:00 |
|
|
|
29bc1608aa
|
sway: remove sandbox input which are no longer necessary
|
2024-05-29 17:07:18 +00:00 |
|
|
|
635ca1e5d8
|
seatd: pull the service definition into my own repo
this will allow me to configure the package
|
2024-05-29 16:34:32 +00:00 |
|
|
|
2789868703
|
seatd: split out of sway conf
|
2024-05-29 16:22:52 +00:00 |
|
|
|
c40ec1990a
|
sshd: disable systemd integration
|
2024-05-29 15:57:19 +00:00 |
|
|
|
d4dfcd6510
|
login: remove systemd pam integration (so it doesnt try, and fail, to start the user manager)
|
2024-05-29 15:42:39 +00:00 |
|
|
|
d865be952a
|
refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false
|
2024-05-29 12:56:46 +00:00 |
|
|
|
7c8a18ecbd
|
systemd: remove no-longer-used user@1000 override
|
2024-05-29 12:56:19 +00:00 |
|
|
|
35ff7de06e
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 12:55:51 +00:00 |
|
|
|
00d06db66a
|
make-sandboxed: handle more systemd service files
|
2024-05-29 12:54:44 +00:00 |
|
|
|
c570b7bf5d
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 11:30:33 +00:00 |
|
|
|
770fc2e574
|
systemd: fix typod IgnoreOnIsolate option
|
2024-05-29 11:30:33 +00:00 |
|
|
|
0ed7eb24fb
|
programs: assorted: remove legacy programs.feedback setting
|
2024-05-29 11:30:33 +00:00 |
|
|
|
ad8e75b6a3
|
programs: assorted: remove /var/lib/alsa persistence; doesnt seem to be needed
|
2024-05-29 11:30:33 +00:00 |
|
|
|
e8dbe0750d
|
networkmanager: fix sandbox to actually work with systemd-resolved
|
2024-05-29 10:34:24 +00:00 |
|
|
|
1378988f21
|
desko: *really* disable wpa_supplicant
|
2024-05-29 10:34:03 +00:00 |
|
|
|
b88467771e
|
doc: trust-dns: fix wan.txt example path
|
2024-05-29 09:33:59 +00:00 |
|
|
|
4309d887da
|
wpa_supplicant: remove unused services
|
2024-05-29 09:33:25 +00:00 |
|
|
|
1ee21c4795
|
NetworkManager: run as user instead of root
|
2024-05-29 09:16:30 +00:00 |
|
|
|
fb7bcbb5f5
|
NetworkManager-wait-online: fix missing sanebox path
|
2024-05-29 01:37:15 +00:00 |
|
|
|
0013e8305e
|
networkmanager: cleanup
|
2024-05-29 01:35:38 +00:00 |
|
|
|
7dedfcebb9
|
networkmanager: sandbox
|
2024-05-29 01:33:15 +00:00 |
|
|
|
753b97ffb4
|
todo.md: mark hosts/modules/gui cleanup as complete
|
2024-05-28 16:51:29 +00:00 |
|
|
|
247fc1f887
|
hosts/modules/gui: fold into hosts/common/programs
|
2024-05-28 16:51:02 +00:00 |
|
|
|
3c2ca46ef9
|
hosts/modules/gui/gtk: hoist to sane.programs.sane-theme
|
2024-05-28 16:44:27 +00:00 |
|
|
|
95dc395925
|
hosts/modules/gui/theme: lift my sway background up into its own package
|
2024-05-28 15:48:37 +00:00 |
|
|
|
cefd6c0534
|
documentation improvements
|
2024-05-28 13:36:01 +00:00 |
|
|
|
05efec8fd7
|
wg-home: decrease the refresh timeout
|
2024-05-28 13:36:01 +00:00 |
|
|
|
e8846b2d6b
|
wpa_supplicant: sandbox
|
2024-05-28 13:36:01 +00:00 |
|
|
|
be38d56717
|
make-sandboxed: handle more systemd/dbus service file locations
|
2024-05-28 13:36:01 +00:00 |
|
|
|
7d242ab02c
|
sane-battery-estimate: sandbox
|
2024-05-28 09:41:04 +00:00 |
|
|
|
47611eaa26
|
sane-weather: sandbox
|
2024-05-28 09:38:04 +00:00 |
|
|
|
9719f0f785
|
mpv: relax sandboxing for the sake of subtitle downloading
|
2024-05-28 09:37:57 +00:00 |
|
|
|
8042ea76e6
|
assorted programs: specify sandbox.autodetectCliPaths variant more precisely than just true
|
2024-05-28 07:14:27 +00:00 |
|
|
|
c59236509b
|
sane-cast: sandbox
|
2024-05-28 07:07:11 +00:00 |
|
|
|
50e5206b0e
|
todo.md: document that moby touchscreen stays on even when the screen is disabled
|
2024-05-28 05:27:37 +00:00 |
|
|
|
4ba0343315
|
networkmanager: hoist some lib.mkIfs up a few levels
would you believe one of these attributes was being set without a mkIf cfg.enabled guard :)
|
2024-05-28 05:27:23 +00:00 |
|
|
|
cbe6072c03
|
polyunfill: remove policykit suid wrappers
|
2024-05-28 05:24:37 +00:00 |
|
|
|
bea1fd95e5
|
polyunfill: disable dbus-daemon-launch-helper suid wrapper
|
2024-05-28 05:14:06 +00:00 |
|
|
|
ae544c0649
|
polyunfill: disable mount/umount suid wrappers
|
2024-05-28 05:02:26 +00:00 |
|
|
|
b571f70988
|
polyunfill: remove fusermount suid wrapper
|
2024-05-28 04:56:14 +00:00 |
|
|
|
e6498ad152
|
notejot: fix sandboxing
|
2024-05-28 03:59:31 +00:00 |
|
|
|
976b8ae45e
|
rofi-snippets: make the filtering case insensitive, and improve ellipsis placement come 1.7.6
|
2024-05-28 03:38:36 +00:00 |
|
