try firejail again for browsers

author: Christoph Cullmann <cullmann@kde.org> 2023-10-21 18:08:29 +0200
committer: Christoph Cullmann <cullmann@kde.org> 2023-10-21 18:08:29 +0200
commit: 4f2848ca3941268762e06ae0bcc227b73b7486a7 (patch)
tree: 9fc494a58bca5abba6b0483a26700128fefc02b3 /common.nix
parent: 65b8beb6440912a04a8e5fcdb093613fadab4f75 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/common.nix b/common.nix
index a531765..5c7a534 100644
--- a/common.nix
+++ b/common.nix
@@ -204,7 +204,6 @@ in
     aspellDicts.en
     borgbackup
     btop
-    chromium
     clamav
     clinfo
     config.boot.kernelPackages.perf
@@ -212,7 +211,6 @@ in
     fdupes
     file
     filelight
-    firefox
     gitFull
     glxinfo
     gptfdisk
@@ -236,7 +234,18 @@ in
     zsh-powerlevel10k
   ];
 
-  # we want global available browsers
+  # we want sandboxed browsers
+  programs.firejail.enable = true;
+  programs.firejail.wrappedBinaries = {
+    chromium = {
+      executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
+      profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
+    };
+    firefox = {
+      executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
+      profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+    };
+  };
   programs.chromium.enable = true;
   programs.firefox.enable = true;
author	Christoph Cullmann <cullmann@kde.org>	2023-10-21 18:08:29 +0200
committer	Christoph Cullmann <cullmann@kde.org>	2023-10-21 18:08:29 +0200
commit	4f2848ca3941268762e06ae0bcc227b73b7486a7 (patch)
tree	9fc494a58bca5abba6b0483a26700128fefc02b3 /common.nix
parent	65b8beb6440912a04a8e5fcdb093613fadab4f75 (diff)