The chezmoi-owned user units and ~/.local/bin wrapper scripts called
the migrated tools by absolute /usr/bin/ path. After the move to nix,
those binaries live under ~/.nix-profile/bin (no /usr/bin alias).
- systemd user units: drop the /usr/bin/ prefix on cliphist-{text,image}
  (wl-paste), inhibridge, swayidle, swayrd, waybar, and the inner wob
  in wob.service (outer /usr/bin/sh stays, sh is system). systemd
  resolves bare names through the unit's inherited PATH, which includes
  ~/.nix-profile/bin via hm-session-vars.
- dictate: default_model now points at
  ~/.nix-profile/share/whisper-cpp-models/ggml-base.bin (overridable via
  $WHISPER_MODEL). Header rewritten to mention nix instead of AUR.
- yt-dlp / streamlink wrappers: pass $HOME/.nix-profile/bin/<tool> to
  _sandbox-net-parser so the bwrap-sandboxed binary is resolved
  explicitly (the wrappers shadow PATH lookup inside their own
  ~/.local/bin so re-entry would loop).
These three tools are the native (non-flatpak) network parsers in the
install set — every other internet-facing app is already flatpak'd. The
threat model is an RCE in a subtitle/extractor/muxer that walks $HOME
looking for SSH keys, GPG keyring, pass store, cloud tokens, etc.
Approach (defence in depth, not full sandboxing):
- bwrap --bind / / keeps Wayland, PipeWire, DBus, GPU, hwaccel and all
config files working transparently.
- --tmpfs over known-sensitive dirs (.ssh, .gnupg, .password-store,
.config/gh, .config/op, .aws, .local/share/keyrings) blanks them
from the sandbox view; a compromised parser literally cannot see them.
- inner PATH stripped of ~/.local/bin so streamlink's spawn of `mpv`
resolves to /usr/bin/mpv and does not re-enter the sandbox.
- --die-with-parent + --new-session for tidy lifecycle.
- Escape hatch: SANDBOX=0 mpv ... bypasses for one invocation.
- Graceful degradation if bwrap is missing (warns and execs anyway).
bubblewrap added explicitly to meta/base.txt (was implicit via flatpak).
Wrappers in ~/.local/bin shadow /usr/bin via dot_zprofile:15 PATH order.
Not symlinked into the Ubuntu VM (nix/vm.nix does not touch ~/.local/bin),
which is fine: those tools on the headless VM don't need sandboxing.
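The two commit messages above describe one mechanism from both ends: the ~/.local/bin wrappers hand an absolute ~/.nix-profile/bin path to a bwrap helper, and that helper blanks the secret directories, strips ~/.local/bin from the inner PATH, and falls back gracefully. The script below is an added example written for this page; it is not the repository's own _sandbox-net-parser or any code from these commits. The function and variable names (sandbox_strip_path, sandbox_exec, SANDBOX_SECRET_DIRS, SANDBOX_DRY_RUN) are this example's own, as is the dry-run switch used to inspect the final argv; the bwrap flags, the directory list, the SANDBOX=0 escape hatch and the missing-bwrap fallback are the ones the commit message names.

```shell
#!/bin/sh
# Added example, not the repo's _sandbox-net-parser: a POSIX sh sketch of the
# bwrap wrapper the commit messages describe. Names with a sandbox_ prefix
# and SANDBOX_DRY_RUN are this example's own.

# $HOME-relative directories blanked from the sandbox view with --tmpfs.
SANDBOX_SECRET_DIRS=".ssh .gnupg .password-store .config/gh .config/op .aws .local/share/keyrings"

# Print PATH with every "$HOME/.local/bin" entry removed, so a child spawned
# by the sandboxed tool (streamlink -> mpv) resolves to the real binary
# instead of re-entering a ~/.local/bin wrapper and looping.
sandbox_strip_path() {
    _path=$1 _home=$2 _out=
    _old_ifs=$IFS; IFS=:
    for _entry in $_path; do
        [ "$_entry" = "$_home/.local/bin" ] && continue
        _out="${_out:+$_out:}$_entry"
    done
    IFS=$_old_ifs
    printf '%s' "$_out"
}

# Exec TOOL (an absolute path, as the yt-dlp/streamlink wrappers pass it)
# under bwrap. SANDBOX=0 skips the sandbox for one invocation; a missing
# bwrap warns and execs unsandboxed (defence in depth, not a hard boundary).
# SANDBOX_DRY_RUN=1 prints the final argv, one word per line, instead of
# exec'ing it, which is how the test below inspects the result.
sandbox_exec() {
    _tool=$1; shift
    if [ "${SANDBOX:-1}" = 0 ]; then
        set -- "$_tool" "$@"
    elif ! command -v bwrap >/dev/null 2>&1; then
        printf 'sandbox: bwrap not found, running %s unsandboxed\n' "$_tool" >&2
        set -- "$_tool" "$@"
    else
        # Build argv right-to-left in the positional parameters (no arrays
        # in POSIX sh). Only PATH is rewritten; every other variable and all
        # of / is inherited, so Wayland/PipeWire/DBus/GPU keep working.
        set -- --setenv PATH "$(sandbox_strip_path "$PATH" "$HOME")" -- "$_tool" "$@"
        for _d in $SANDBOX_SECRET_DIRS; do
            # Only cover dirs that exist: bwrap will try to create a missing
            # mount point, and with --bind / / that lands in the real $HOME.
            [ -e "$HOME/$_d" ] && set -- --tmpfs "$HOME/$_d" "$@"
        done
        set -- bwrap --bind / / --die-with-parent --new-session "$@"
    fi
    if [ "${SANDBOX_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        exec "$@"
    fi
}

# Last line of a wrapper such as ~/.local/bin/yt-dlp would be:
#   sandbox_exec "$HOME/.nix-profile/bin/yt-dlp" "$@"
```

Because the wrapper receives the tool as an absolute ~/.nix-profile/bin path and removes ~/.local/bin from the inner PATH, neither the tool itself nor anything it spawns can resolve back into the wrapper directory; that is the re-entry loop the first commit message guards against. Run with `SANDBOX_DRY_RUN=1` first to confirm which directories actually get a --tmpfs (only existing ones) and what the inner PATH looks like before trusting the real invocation.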