internal/outcome: expose pipewire via pipewire-pulse
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst. Closes #29. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
10
options.nix
10
options.nix
@@ -242,19 +242,11 @@ in
|
||||
type = nullOr bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to share the PipeWire server via SecurityContext.
|
||||
Whether to share the PipeWire server via pipewire-pulse on a SecurityContext socket.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
pulse = mkOption {
|
||||
type = nullOr bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to run the PulseAudio compatibility daemon.
|
||||
'';
|
||||
};
|
||||
|
||||
share = mkOption {
|
||||
type = nullOr package;
|
||||
default = null;
|
||||
|
||||
Reference in New Issue
Block a user