|
f2e1bb6b86
|
programs: python3-repl: sandbox
|
2024-02-25 18:52:55 +00:00 |
|
|
ca36fe1b96
|
programs: gnome.seahorse: sandbox
|
2024-02-25 12:03:42 +00:00 |
|
|
d2df668c9e
|
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
|
2024-02-25 12:00:00 +00:00 |
|
|
b7921ac41b
|
refactor: programs: sort
|
2024-02-25 11:53:49 +00:00 |
|
|
0745e9fc06
|
refactor: programs: split gnome-maps into own file
|
2024-02-25 09:06:32 +00:00 |
|
|
f714bd8281
|
programs: jq: sandbox
|
2024-02-25 01:59:01 +00:00 |
|
|
73b2594d9b
|
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
|
2024-02-25 01:59:01 +00:00 |
|
|
aa0991bd6c
|
persistence: cleanup so it all works well with symlink-based stores
|
2024-02-23 13:09:44 +00:00 |
|
|
24d1d13d0a
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
|
|
af03b3f6e8
|
xwayland: sandbox
|
2024-02-23 01:05:24 +00:00 |
|
|
5819f07181
|
programs: xwayland: sandbox
|
2024-02-22 22:12:03 +00:00 |
|
|
b8f090be93
|
programs: delfin: add required mpris permissions
|
2024-02-21 13:27:19 +00:00 |
|
|
5a0760a571
|
programs: sandbox oathtools
|
2024-02-21 00:03:48 +00:00 |
|
|
81148b7b42
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
|
|
6cf1bc5a28
|
programs: grep: sandbox
|
2024-02-20 23:32:28 +00:00 |
|
|
768b340c93
|
findutils: sandbox
use bwrap instead of landlock for the dumb preference that i can disable
net
|
2024-02-20 23:31:58 +00:00 |
|
|
a624571b22
|
move glib program recommendation into programs/assorted.nix
|
2024-02-20 12:11:26 +00:00 |
|
|
c7f4661c1c
|
programs: htop: persist config
|
2024-02-20 05:38:45 +00:00 |
|
|
e8306831c5
|
programs: qemu: mark as slowToBuild
|
2024-02-20 05:34:47 +00:00 |
|
|
2d17826731
|
programs: eza: sandbox with bwrap instead of landlock
|
2024-02-19 15:32:40 +00:00 |
|
|
de297f22be
|
programs: split sane-scripts out of assorted.nix
|
2024-02-19 14:19:10 +00:00 |
|
|
3effd59c9b
|
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
that gets more reliable environment importing, etc
|
2024-02-19 13:44:23 +00:00 |
|
|
44647e0d36
|
programs: forkstat: sandbox
|
2024-02-19 13:15:15 +00:00 |
|
|
67395bdcd3
|
programs: ship forkstat
|
2024-02-18 11:58:30 +00:00 |
|
|
f8663cd827
|
programs: monero-gui: sandbox
|
2024-02-17 16:06:58 +00:00 |
|
|
af1ee1734d
|
programs: wireguard-tools: sandbox
|
2024-02-17 15:54:16 +00:00 |
|
|
a729f91d21
|
programs: jq: add working sandbox criteria, but don't enable yet
i need to handle the extremely common `cat foo | jq .` without adding
`.` to the sandbox
|
2024-02-17 15:36:41 +00:00 |
|
|
a273b559e2
|
programs: gnome-disk-utility: sandbox
|
2024-02-17 15:36:28 +00:00 |
|
|
785b375671
|
programs: smartmontools (smartctl): sandbox
|
2024-02-17 15:36:13 +00:00 |
|
|
24cba0c856
|
programs: xq: remove
|
2024-02-17 15:30:23 +00:00 |
|
|
df1db5d01c
|
programs: sox: sandbox
|
2024-02-17 15:27:22 +00:00 |
|
|
d3e4bdfcd5
|
programs: gdisk: fix sandboxing
|
2024-02-17 15:26:16 +00:00 |
|
|
799cd4373f
|
programs: socat: disable
|
2024-02-17 15:11:12 +00:00 |
|
|
a1470956a5
|
programs: gdisk: sandbox
|
2024-02-17 14:57:33 +00:00 |
|
|
556c20bc04
|
programs: vulkan-tools: sandbox
|
2024-02-17 14:53:22 +00:00 |
|
|
cf5f58dda6
|
programs: nmap: sandbox
|
2024-02-17 14:51:26 +00:00 |
|
|
bbf7aac062
|
programs: gnome-frog: sandbox
|
2024-02-17 14:40:42 +00:00 |
|
|
7d1fd2f30a
|
programs: nvme-cli: sandbox
|
2024-02-17 14:40:29 +00:00 |
|
|
472987f164
|
programs: gimp: fix sandboxing failure
|
2024-02-17 13:43:35 +00:00 |
|
|
784c2145f3
|
programs: iputils: sandbox
|
2024-02-17 03:33:05 +00:00 |
|
|
0000afb315
|
programs: make nixosBuiltins package set more precise
|
2024-02-17 03:08:14 +00:00 |
|
|
31fa21bd20
|
programs: host/iproute2/iw/nettools/wirelesstools: sandbox
|
2024-02-17 03:05:58 +00:00 |
|
|
9510817604
|
programs: document nixosBuiltins programs
|
2024-02-17 02:40:28 +00:00 |
|
|
4a84de3ee4
|
programs: inetutils/iptables: sandbox
|
2024-02-17 02:32:57 +00:00 |
|
|
ab42a4cc5a
|
programs: qemu: disable sandbox
|
2024-02-17 01:43:58 +00:00 |
|
|
f6537b083a
|
programs: discord: add dbus to sandbox
|
2024-02-17 01:42:22 +00:00 |
|
|
1b4306e649
|
programs: switch bridge-utils, btrfs-progs from landlock -> bwrap
landlock can't isolate net yet, so bwrap gives better sandboxing
|
2024-02-16 15:32:41 +00:00 |
|
|
af8a8358bd
|
programs: hdparm: sandbox
|
2024-02-16 15:32:41 +00:00 |
|
|
464c6c56c5
|
programs: btrfs-progs: sandbox
|
2024-02-16 15:32:41 +00:00 |
|
|
8e314e8b73
|
programs: bridge-utils: sandbox
|
2024-02-16 15:32:41 +00:00 |
|