try firejail again for browsers

This commit is contained in:
Christoph Cullmann 2023-10-21 18:08:29 +02:00
parent 65b8beb644
commit 4f2848ca39

View file

@ -204,7 +204,6 @@ in
aspellDicts.en aspellDicts.en
borgbackup borgbackup
btop btop
chromium
clamav clamav
clinfo clinfo
config.boot.kernelPackages.perf config.boot.kernelPackages.perf
@ -212,7 +211,6 @@ in
fdupes fdupes
file file
filelight filelight
firefox
gitFull gitFull
glxinfo glxinfo
gptfdisk gptfdisk
@ -236,7 +234,18 @@ in
zsh-powerlevel10k zsh-powerlevel10k
]; ];
# we want global available browsers # we want sandboxed browsers
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
chromium = {
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
};
firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
};
};
programs.chromium.enable = true; programs.chromium.enable = true;
programs.firefox.enable = true; programs.firefox.enable = true;