- The `-overlay` flag runs the specified binary inside an OverlayFS,
since the /nix store may be in a different mount point than the user
home, this patch explicitly bind mounts it so it's available inside
the overlay.
- profile builder: firejail provides facilities to build a new profiles.
To do so, it execute the helper binary `fbuilder`, which in turn will
execute firejail back with different options. This patch makes it use
the binary available in PATH instead of the one produced at compile time.
The compiled firejail binary doesn't have the necessary permissions,
so the firejail NixOS module wraps it in a SUID wrapper available on
PATH at runtime.
Signed-off-by: Roosembert Palacios <roosemberth@posteo.ch>
xdg-dbus-proxy path is hardcoded in the common.h file in the firejail
source code. if this binary is not found, dbus filtering capabilities
of firejail get limited i.e. you can only entirely disable or entirely
enable dbus communication.
The sed expression wasn't really catching anything (as local profiles are
included in the provided set of profiles by `include aaa.local` and not by
`include xx/firejail/aaa.local` as the sed expression used to expect).
As a result, it was not possible to create local profiles in any
accessible location. This fix makes it possible to create them in
`/etc/firejail/` which seems pretty standard.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/firejail/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firejail had a zero exit code or showed the expected version
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firemon passed the binary check.
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firecfg passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- found 0.9.54 with grep in /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54
- directory tree listing: https://gist.github.com/3fb76054296d9e45fea3c47ae6a9f03f
- du listing: https://gist.github.com/a732bad0be0159f527ca4e8c532400ed
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
