From 4f2848ca3941268762e06ae0bcc227b73b7486a7 Mon Sep 17 00:00:00 2001 From: Christoph Cullmann Date: Sat, 21 Oct 2023 18:08:29 +0200 Subject: [PATCH] try firejail again for browsers --- common.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/common.nix b/common.nix index a531765..5c7a534 100644 --- a/common.nix +++ b/common.nix @@ -204,7 +204,6 @@ in aspellDicts.en borgbackup btop - chromium clamav clinfo config.boot.kernelPackages.perf @@ -212,7 +211,6 @@ in fdupes file filelight - firefox gitFull glxinfo gptfdisk @@ -236,7 +234,18 @@ in zsh-powerlevel10k ]; - # we want global available browsers + # we want sandboxed browsers + programs.firejail.enable = true; + programs.firejail.wrappedBinaries = { + chromium = { + executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium"; + profile = "${pkgs.firejail}/etc/firejail/chromium.profile"; + }; + firefox = { + executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox"; + profile = "${pkgs.firejail}/etc/firejail/firefox.profile"; + }; + }; programs.chromium.enable = true; programs.firefox.enable = true;