|
080bd856ec
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
|
1a18ed533b
|
programs: don't include dbus in the sandbox by default
|
2024-02-13 11:58:33 +00:00 |
|
|
634dc318cd
|
programs: spotify: remove old/unused firejail config
|
2024-02-13 11:15:30 +00:00 |
|
|
6eaaeeb91a
|
programs: remove audio from the sandbox by default
|
2024-02-13 11:14:38 +00:00 |
|
|
c9af5bf9b4
|
programs: sandboxing: enable net isolation for most sandboxed programs
|
2024-02-08 21:51:32 +00:00 |
|
|
db6ba61429
|
programs: sandbox more apps with wrapperType=wrappedDerivation
|
2024-01-29 13:45:57 +00:00 |
|
|
f148334b58
|
programs: port extraFirejailConfig to extraConfig
|
2024-01-23 14:57:33 +00:00 |
|
|
38fd171713
|
spotify: sandbox with bwrap instead of firejail
|
2024-01-23 12:12:56 +00:00 |
|
|
df861a3ef0
|
programs: firejail: inject custom firejail config through /etc/firejail
this improves rebuild times, and makes it easier for packages to inject their own free-form config
|
2024-01-22 11:12:18 +00:00 |
|
|
28d4a4b065
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
|
8859b4cf8a
|
programs: persist data better for spotify, brave, tor
|
2023-10-16 19:18:47 +00:00 |
|