Commit graph

9 commits

Author SHA1 Message Date
Simon Bruder f945341668
Relicense
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:35:31 +01:00
Simon Bruder 37219a1dd1
bwrap-helper: Include user bus 2023-12-13 14:16:54 +01:00
Simon Bruder 18652c7580
bwrap-helper: Always bind /etc/ssl/certs
The bwrap fhs userenv uses readlink -f to resolve symlinks. It is called
in the argument list of bwrap like this:

  --ro-bind-try $(readlink -f /etc/ssl/certs) /etc/ssl/certs

Normally, readlink -f returns the passed path if there is no file at the
path. However, this only works, if the parent directory of the file
exists. Thus if /etc/ssl does not exist, readlink -f /etc/ssl/certs will
return nothing. This causes the argument list of bwrap to be wrong (it
has only one argument to --ro-bind-try when it expected two), which
causes it to fail with hard to track down errors.
2022-03-12 16:42:06 +01:00
Simon Bruder 5c0d4439e8
bwrap-helper: Reuse system’s PATH
Otherwise running in nix-shell does not make the binaries from the
temporary environment available inside the sandbox.
2021-09-10 23:33:31 +02:00
Simon Bruder 7fdc470595
bwrap-helper: Add pipewire alsa compatibility 2021-07-10 12:44:54 +02:00
Simon Bruder e94d0227fe
Use black 2021-06-01 00:02:27 +02:00
Simon Bruder 4c60f99b76
pkgs/bwrap-helper: Pass through dev-bind(-try) 2021-04-25 09:54:49 +02:00
Simon Bruder 73f4c7080b
bwrap-helper: Do not filter dbus socket
This is not ideal security-wise, but the only way to protect my sanity
from whatever steam and some of my games try to do with the dbus socket.
2021-01-09 12:53:34 +01:00
Simon Bruder e2d93ea30e
Add bwrap-helper 2021-01-07 17:11:31 +01:00