lorri: unbreak due to too tight sandboxing
lorri needs to be able to write to /run/user/uid for the socket, to its own cache directory ~/.cache/lorri and to the directory for gc roots.
parent
b7ef79bcf4
commit
f06edaf18b
|
@ -52,6 +52,12 @@ in {
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
ProtectHome = "read-only";
|
ProtectHome = "read-only";
|
||||||
|
ReadWritePaths = [
|
||||||
|
# /run/user/1000 for the socket
|
||||||
|
"%t"
|
||||||
|
"/nix/var/nix/gcroots/per-user/%u"
|
||||||
|
];
|
||||||
|
CacheDirectory = [ "lorri" ];
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
Environment = let
|
Environment = let
|
||||||
path = with pkgs;
|
path = with pkgs;
|
||||||
|
|
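Review bot: The `"%t"` entry in `ReadWritePaths` makes the entire per-user runtime directory writable rather than only lorri's socket location, and that directory normally also holds sockets and state belonging to other user services, so `ProtectSystem = "strict"` is loosened further than the commit message requires. If the socket lives in a subdirectory, I would scope the entry to it, e.g. `"%t/<lorri-socket-dir>"` (placeholder; the actual socket path is not visible in this hunk). Separately, systemd refuses to start a unit when a `ReadWritePaths` entry does not exist, so `"-/nix/var/nix/gcroots/per-user/%u"` would keep the service startable for a user whose gc-root directory has not been created yet. The comment could read `# %t (/run/user/<uid>) for the socket` instead of naming uid 1000. The enclosing attribute set starts and ends outside the hunk.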