cmd/hakurei: add pipewire flag

This is for "run" command, formerly permissive defaults behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/command.go

@@ -91,7 +91,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 
 			flagPrivateRuntime, flagPrivateTmpdir bool
 
-			flagWayland, flagX11, flagDBus, flagPulse bool
+			flagWayland, flagX11, flagDBus, flagPipeWire, flagPulse bool
 		)
 
 		c.NewCommand("run", "Configure and start a permissive container", func(args []string) error {
@@ -146,6 +146,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 			if flagDBus {
 				et |= hst.EDBus
 			}
+			if flagPipeWire || flagPulse {
+				et |= hst.EPipeWire
+			}
 			if flagPulse {
 				et |= hst.EPulse
 			}
@@ -297,8 +300,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 				"Enable direct connection to X11").
 			Flag(&flagDBus, "dbus", command.BoolFlag(false),
 				"Enable proxied connection to D-Bus").
+			Flag(&flagPipeWire, "pipewire", command.BoolFlag(false),
+				"Enable connection to PipeWire via SecurityContext").
 			Flag(&flagPulse, "pulse", command.BoolFlag(false),
-				"Enable direct connection to PulseAudio")
+				"Enable PulseAudio compatibility daemon")
 	}
 
 	{