From 9428bc047212882e8aea2dcf19755a1e676ff39c Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Thu, 1 Aug 2024 09:01:05 +0800
Subject: [PATCH] wrapper-manager/sandboxing: update comments and description
---
 modules/wrapper-manager/sandboxing/boxxy.nix | 4 ++++
 modules/wrapper-manager/sandboxing/bubblewrap/default.nix | 7 +++++++
 .../wrapper-manager/sandboxing/bubblewrap/filesystem.nix | 4 ++--
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/modules/wrapper-manager/sandboxing/boxxy.nix b/modules/wrapper-manager/sandboxing/boxxy.nix
index baa81c86..21db0f54 100644
--- a/modules/wrapper-manager/sandboxing/boxxy.nix
+++ b/modules/wrapper-manager/sandboxing/boxxy.nix
@@ -38,6 +38,10 @@ let
 default = cfg.package;
 };
+ # TODO: Perhaps, consider creating a PR to upstream repo to pass a config file?
+ # Boxxy doesn't have a way to pass a custom configuration file so we're
+ # settling with this. Besides, Boxxy-launched programs can inherit the
+ # environment anyways so a custom config file is not needed for now.
 rules = lib.mkOption {
 type = with lib.types; attrsOf (submodule boxxyRuleModule);
 default = { };
diff --git a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
index b37b87b6..4556ff91 100644
--- a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
+++ b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
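Review bot: The added comment treats environment inheritance only as the reason a config file is unnecessary, but in a module under `sandboxing` it is also the caveat a user needs: anything secret exported in the caller's shell (tokens, agent sockets) is inherited verbatim by the Boxxy-launched program, so these rules presumably redirect paths rather than isolate the process — confirm against the launcher. I would state that in the comment, e.g. `# Boxxy-launched programs inherit the caller's environment verbatim, so a config file is unnecessary for now; note this also means environment secrets are not hidden from the program.`, and keep the TODO actionable as `# TODO: upstream a way to pass Boxxy a config file (none exists today).` The `rules = lib.mkOption {` definition continues past the hunk, so its `description`, where this caveat should also appear for users, is not visible here.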
@@ -7,6 +7,12 @@
 # Similar to most of them, this is basically a builder for the right arguments
 # to be passed to `bwrap`.
 #
+# Also similar to those projects, we also have a launcher (at `launcher`
+# subdirectory) specializing in Bubblewrap-wrapped programs. The reasoning is
+# it allows us to easily take care of things that are hard to do inside of Nix
+# such as handling hardware configuration and the experience to have to do all
+# of that in nixpkgs runtime shell (Bash) is a pain to develop.
+#
 # As already mentioned from the Bubblewrap README, we'll have to be careful for
 # handling D-Bus so we'll use xdg-dbus-proxy for that.
 { config, lib, pkgs, ... }:
@@ -49,6 +55,7 @@ let
 in
 {
 imports = [
+ #./launcher.nix
 ./dbus-filter.nix
 ./filesystem.nix
 ];
diff --git a/modules/wrapper-manager/sandboxing/bubblewrap/filesystem.nix b/modules/wrapper-manager/sandboxing/bubblewrap/filesystem.nix
index 20a8f1f0..6da82f7e 100644
--- a/modules/wrapper-manager/sandboxing/bubblewrap/filesystem.nix
+++ b/modules/wrapper-manager/sandboxing/bubblewrap/filesystem.nix
@@ -62,7 +62,7 @@ let
 ::: {.caution}
 Typically, this is not recommended especially for Bubblewrap environments.
 If you want to bind some of the items from the Nix store,
- it is recommended to use {option}`sharedNixPaths` instead.
+ it is recommended to use {option}`sandboxing.bubblewrap.sharedNixPaths` instead.
 :::
 '';
 };
@@ -71,7 +71,7 @@ let
 type = with lib.types; listOf package;
 default = [ ];
 description = if isGlobal then ''
- A global list of store paths to be shared
+ A global list of store paths (including its dependencies) to be shared
 per-Bubblewrap-enabled-wrappers.
 '' else ''
 A list of store paths to be mounted (as read-only bind-mounts). Note
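Review bot: The new header paragraph is a run-on from `The reasoning is it allows us` through `is a pain to develop`, and it describes the launcher as something this module already has, while the `imports` hunk below only adds it commented out, so readers will expect wiring that is not there. I would split the sentence and flag the status, e.g. `# Also similar to those projects, we have a launcher (in the launcher subdirectory) for Bubblewrap-wrapped programs. It handles things that are hard to do from Nix, such as hardware configuration, which would otherwise have to be written in the nixpkgs runtime shell (Bash). It is not imported yet; see imports below.` — and drop the last clause once the module is enabled.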
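Review bot: `+ #./launcher.nix` leaves a commented-out entry in `imports` with no note on why it is disabled or what is missing, which is the kind of dead line that silently rots; a module import is also the point where a sandbox launcher starts affecting every wrapper, so enabling it should be a deliberate, reviewed change rather than an uncomment. Either drop the line until the module is ready or annotate it, e.g. `# TODO: enable once launcher.nix is implemented and reviewed` on the line above. Whether `launcher.nix` exists in the tree is not visible from this hunk.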
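Review bot: `(including its dependencies)` is ambiguous in the new global description — it is not clear whether the whole runtime closure of each path is bind-mounted, and `its` should be `their`; it also omits the consequence that every Bubblewrap-enabled wrapper then sees all of these paths, so the global list widens what any sandboxed program can load or execute. I would write `A global list of store paths that, together with their runtime closures, are bind-mounted read-only into every Bubblewrap-enabled wrapper. Keep this list minimal: everything here is visible inside every sandbox.` — replace `runtime closures` with whatever the implementation actually computes, which is not visible in this hunk. The non-global branch below already says `(as read-only bind-mounts)`; the global text should say the same so the two descriptions agree.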