lorri: unbreak due to too tight sandboxing
lorri needs to be able to write to /run/user/uid for the socket, to its
own cache directory ~/.cache/lorri and to the directory for gc roots.
(cherry picked from commit f06edaf18b
)
This commit is contained in:
parent
d5824a76bc
commit
7e398b3d76
|
@ -52,6 +52,12 @@ in {
|
|||
PrivateTmp = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = "read-only";
|
||||
ReadWritePaths = [
|
||||
# /run/user/1000 for the socket
|
||||
"%t"
|
||||
"/nix/var/nix/gcroots/per-user/%u"
|
||||
];
|
||||
CacheDirectory = [ "lorri" ];
|
||||
Restart = "on-failure";
|
||||
Environment = let
|
||||
path = with pkgs;
|
||||
|
|
Loading…
Reference in a new issue