From 7ba31a2e75ad4bda2cff011b3b751db1ef439d99 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Mon, 29 Jul 2024 16:39:59 +0800
Subject: [PATCH] wrapper-manager/sandboxing: add wraparound under namespace

Each wrapper represents one... wrapper anyways so it is fine to have this. If nothing else applies, you could still make the specific sandboxing module to have its own wraparound option namespace. That practice should be discouraged though.
---
 modules/wrapper-manager/sandboxing/bubblewrap/default.nix | 5 ++++-
 modules/wrapper-manager/sandboxing/default.nix | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
index 359316e3..d886d34d 100644
--- a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
+++ b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
@@ -87,7 +87,10 @@ in
 config.env;
 arg0 = lib.getExe' submoduleCfg.package "bwrap";
- prependArgs = lib.mkBefore (submoduleCfg.extraArgs ++ [ "--" submoduleCfg.wraparound.executable ] ++ submoduleCfg.wraparound.extraArgs);
+ prependArgs = lib.mkBefore
+ (submoduleCfg.extraArgs
+ ++ [ "--" config.sandboxing.wraparound.executable ]
+ ++ config.sandboxing.wraparound.extraArgs);
 }
 (lib.mkIf submoduleCfg.enableNetwork {
diff --git a/modules/wrapper-manager/sandboxing/default.nix b/modules/wrapper-manager/sandboxing/default.nix
index 8e47c2cc..72a5179f 100644
--- a/modules/wrapper-manager/sandboxing/default.nix
+++ b/modules/wrapper-manager/sandboxing/default.nix
@@ -7,7 +7,7 @@
 options.wrappers =
 let
- sandboxingType = { name, lib, config, ... }: {
+ sandboxingType = { name, lib, config, options, ... }: {
 options.sandboxing = {
 variant = lib.mkOption {
 type = with lib.types; nullOr (enum []);
@@ -18,6 +18,11 @@
 default = null;
 example = "bubblewrap";
 };
+
+ wraparound = {
+ executable = options.arg0;
+ extraArgs = options.extraArgs;
+ };
 };
 };
 in
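Review bot: The new `prependArgs` no longer reads `submoduleCfg.wraparound`, yet this hunk is the only change to bubblewrap/default.nix (the diffstat's 4 insertions and 1 deletion are all here), so any `wraparound` option still declared under the bubblewrap submodule remains settable while having no effect. A configuration that keeps setting the old path would then evaluate cleanly, and bwrap would be placed around whatever `config.sandboxing.wraparound.executable` resolves to rather than the program the user named. If that declaration exists, remove it in the same commit so a stale setting fails at evaluation instead of being ignored. The enclosing attribute set starts and ends outside the hunk.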
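Review bot: `executable = options.arg0;` and `extraArgs = options.extraArgs;` reuse the wrapper's own evaluated options as declarations, so whatever type, default and description those carry is inherited unchanged, and the generated docs for `sandboxing.wraparound.executable` would describe `arg0` rather than the sandboxed program. If `arg0` declares a default (not visible here), the program run inside the sandbox could fall back to it when the user sets nothing; it is worth confirming that an unset `wraparound.executable` fails evaluation. I would add a comment above the block, `# Declared by reusing the wrapper's own arg0/extraArgs options; these name the program run inside the sandbox, not the sandboxer.`, and override the description for each. The `sandboxingType` body starts outside this hunk.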