1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-12-26 03:39:47 +01:00

lorri: unbreak due to too tight sandboxing

lorri needs to be able to write to /run/user/uid for the socket, to its
own cache directory ~/.cache/lorri and to the directory for gc roots.
This commit is contained in:
Guillaume Girol 2024-01-01 09:56:03 +01:00 committed by Mikilio
parent 5af43a5137
commit d5a490f031
No known key found for this signature in database
GPG key ID: 5B2F1A890CF33F3F

View file

@ -52,6 +52,12 @@ in {
PrivateTmp = true; PrivateTmp = true;
ProtectSystem = "strict"; ProtectSystem = "strict";
ProtectHome = "read-only"; ProtectHome = "read-only";
ReadWritePaths = [
# /run/user/1000 for the socket
"%t"
"/nix/var/nix/gcroots/per-user/%u"
];
CacheDirectory = [ "lorri" ];
Restart = "on-failure"; Restart = "on-failure";
Environment = let Environment = let
path = with pkgs; path = with pkgs;