eeva/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-06-13 18:23:39 +02:00
Code Issues Releases Wiki Activity

lorri: unbreak due to too tight sandboxing

Browse Source 
lorri needs to be able to write to /run/user/uid for the socket, to its
own cache directory ~/.cache/lorri and to the directory for gc roots.

(cherry picked from commit f06edaf18b)
This commit is contained in:
Guillaume Girol 2024-01-01 09:56:03 +01:00 committed by Robert Helgesson
parent d5824a76bc
commit 7e398b3d76
No known key found for this signature in database
GPG Key ID: 96E745BD17AA17ED
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/services/lorri.nix
View File

@ -52,6 +52,12 @@ in {
PrivateTmp = true; PrivateTmp = true;
ProtectSystem = "strict"; ProtectSystem = "strict";
ProtectHome = "read-only"; ProtectHome = "read-only";
ReadWritePaths = [
# /run/user/1000 for the socket
"%t"
"/nix/var/nix/gcroots/per-user/%u"
];
CacheDirectory = [ "lorri" ];
Restart = "on-failure"; Restart = "on-failure";
Environment = let Environment = let
path = with pkgs; path = with pkgs;