cat
/
fortify
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

nix: pass method string directly 

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-09-13 11:54:23 +09:00
parent 40d0550ad3
commit d49b97b1d4
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos.nix
View File

@ -146,11 +146,12 @@ in
method = mkOption { method = mkOption {
type = enum [ type = enum [
"fortify" "simple"
"fortify-sudo"
"sudo" "sudo"
"bubblewrap"
"systemd"
]; ];
default = "fortify"; default = "systemd";
description = '' description = ''
Launch method for the sandboxed program. Launch method for the sandboxed program.
''; '';
@ -249,17 +250,16 @@ in
+ (if launcher.dbus.mpris then " -mpris" else "") + (if launcher.dbus.mpris then " -mpris" else "")
+ (if launcher.dbus.id != null then " -dbus-id ${launcher.dbus.id}" else "") + (if launcher.dbus.id != null then " -dbus-id ${launcher.dbus.id}" else "")
+ (if dbusConfig != null then " -dbus-config ${dbusConfig}" else "") + (if dbusConfig != null then " -dbus-config ${dbusConfig}" else "")
+ (if dbusSystem != null then " -dbus-system ${dbusSystem}" else "") + (if dbusSystem != null then " -dbus-system ${dbusSystem}" else "");
+ (if launcher.method == "fortify-sudo" then " -sudo" else "");
in in
pkgs.writeShellScriptBin name ( pkgs.writeShellScriptBin name (
if launcher.method == "sudo" then if launcher.method == "simple" then
'' ''
exec sudo -u ${user} -i ${command} $@ exec sudo -u ${user} -i ${command} $@
'' ''
else else
'' ''
exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@" exec fortify${capArgs} -method ${launcher.method} -u ${user} ${cfg.shell} -c "exec ${command} $@"
'' ''
) )
) launchers; ) launchers;
@ -274,7 +274,7 @@ in
link = source: "[ -d '${source}' ] && ln -sv '${source}' $out/share || true"; link = source: "[ -d '${source}' ] && ln -sv '${source}' $out/share || true";
in in
shares shares
++ optional (launcher.method == "fortify") ( ++ optional (launcher.method != "simple" && (launcher.capability.wayland || launcher.capability.x11)) (
pkgs.runCommand "${name}-share" { } '' pkgs.runCommand "${name}-share" { } ''
mkdir -p $out/share mkdir -p $out/share
${link "${pkg}/share/applications"} ${link "${pkg}/share/applications"}