lorri: unbreak due to too tight sandboxing

lorri needs to be able to write to /run/user/uid for the socket, to its
own cache directory ~/.cache/lorri and to the directory for gc roots.

(cherry picked from commit f06edaf18b)
This commit is contained in:
Guillaume Girol 2024-01-01 09:56:03 +01:00 committed by Robert Helgesson
parent d5824a76bc
commit 7e398b3d76
No known key found for this signature in database
GPG key ID: 96E745BD17AA17ED

View file

@ -52,6 +52,12 @@ in {
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = "read-only";
ReadWritePaths = [
# /run/user/1000 for the socket
"%t"
"/nix/var/nix/gcroots/per-user/%u"
];
CacheDirectory = [ "lorri" ];
Restart = "on-failure";
Environment = let
path = with pkgs;