nix: pass method string directly
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
40d0550ad3
commit
d49b97b1d4
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
16
nixos.nix
16
nixos.nix
|
|
@ -146,11 +146,12 @@ in
|
||||||
|
|
||||||
method = mkOption {
|
method = mkOption {
|
||||||
type = enum [
|
type = enum [
|
||||||
"fortify"
|
"simple"
|
||||||
"fortify-sudo"
|
|
||||||
"sudo"
|
"sudo"
|
||||||
|
"bubblewrap"
|
||||||
|
"systemd"
|
||||||
];
|
];
|
||||||
default = "fortify";
|
default = "systemd";
|
||||||
description = ''
|
description = ''
|
||||||
Launch method for the sandboxed program.
|
Launch method for the sandboxed program.
|
||||||
'';
|
'';
|
||||||
|
|
@ -249,17 +250,16 @@ in
|
||||||
+ (if launcher.dbus.mpris then " -mpris" else "")
|
+ (if launcher.dbus.mpris then " -mpris" else "")
|
||||||
+ (if launcher.dbus.id != null then " -dbus-id ${launcher.dbus.id}" else "")
|
+ (if launcher.dbus.id != null then " -dbus-id ${launcher.dbus.id}" else "")
|
||||||
+ (if dbusConfig != null then " -dbus-config ${dbusConfig}" else "")
|
+ (if dbusConfig != null then " -dbus-config ${dbusConfig}" else "")
|
||||||
+ (if dbusSystem != null then " -dbus-system ${dbusSystem}" else "")
|
+ (if dbusSystem != null then " -dbus-system ${dbusSystem}" else "");
|
||||||
+ (if launcher.method == "fortify-sudo" then " -sudo" else "");
|
|
||||||
in
|
in
|
||||||
pkgs.writeShellScriptBin name (
|
pkgs.writeShellScriptBin name (
|
||||||
if launcher.method == "sudo" then
|
if launcher.method == "simple" then
|
||||||
''
|
''
|
||||||
exec sudo -u ${user} -i ${command} $@
|
exec sudo -u ${user} -i ${command} $@
|
||||||
''
|
''
|
||||||
else
|
else
|
||||||
''
|
''
|
||||||
exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@"
|
exec fortify${capArgs} -method ${launcher.method} -u ${user} ${cfg.shell} -c "exec ${command} $@"
|
||||||
''
|
''
|
||||||
)
|
)
|
||||||
) launchers;
|
) launchers;
|
||||||
|
|
@ -274,7 +274,7 @@ in
|
||||||
link = source: "[ -d '${source}' ] && ln -sv '${source}' $out/share || true";
|
link = source: "[ -d '${source}' ] && ln -sv '${source}' $out/share || true";
|
||||||
in
|
in
|
||||||
shares
|
shares
|
||||||
++ optional (launcher.method == "fortify") (
|
++ optional (launcher.method != "simple" && (launcher.capability.wayland || launcher.capability.x11)) (
|
||||||
pkgs.runCommand "${name}-share" { } ''
|
pkgs.runCommand "${name}-share" { } ''
|
||||||
mkdir -p $out/share
|
mkdir -p $out/share
|
||||||
${link "${pkg}/share/applications"}
|
${link "${pkg}/share/applications"}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue