internal/outcome: expose pipewire via pipewire-pulse
Some checks failed
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m26s
Test / Hakurei (push) Successful in 3m24s
Test / Hpkg (push) Successful in 4m22s
Test / Sandbox (race detector) (push) Successful in 4m28s
Test / Hakurei (race detector) (push) Successful in 5m17s
Test / Flake checks (push) Failing after 1m28s
Some checks failed
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m26s
Test / Hakurei (push) Successful in 3m24s
Test / Hpkg (push) Successful in 4m22s
Test / Sandbox (race detector) (push) Successful in 4m28s
Test / Hakurei (race detector) (push) Successful in 5m17s
Test / Flake checks (push) Failing after 1m28s
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst. Closes #29. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -196,15 +196,6 @@ in
|
||||
}
|
||||
]
|
||||
)
|
||||
++ optional (app.enablements.pipewire && app.pulse) {
|
||||
type = "daemon";
|
||||
dst = if app.mapRealUid then "/run/user/${toString config.users.users.${username}.uid}/pulse/native" else "/run/user/65534/pulse/native";
|
||||
path = cfg.shell;
|
||||
args = [
|
||||
"-lc"
|
||||
"exec pipewire-pulse"
|
||||
];
|
||||
}
|
||||
++ [
|
||||
{
|
||||
type = "bind";
|
||||
|
||||
Reference in New Issue
Block a user