lnl: (re)enable sandboxing with extra-sandbox-paths

There are still some problems with frameworks, this opens up the sandbox enough by default to work around that and make it work like expected in most cases.
author: Daiderd Jordan <daiderd@gmail.com> 2019-02-12 20:25:29 +0100
committer: Daiderd Jordan <daiderd@gmail.com> 2019-02-12 20:25:29 +0100
commit: e61dcc1024ce468728ba243d41991c872d81b28b (patch)
tree: 885fcae530251d897727cc4240bd82ce2f317d37 /modules/examples
parent: e812130e5decd51e9fad04941364b1445747a1ac (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix
index 2d881d2..f83a177 100644
--- a/modules/examples/lnl.nix
+++ b/modules/examples/lnl.nix
@@ -82,9 +82,11 @@
   nix.binaryCachePublicKeys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
   nix.trustedBinaryCaches = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
   nix.trustedUsers = [ "@admin" ];
-  nix.useSandbox = true;
   nix.package = pkgs.nixUnstable;
 
+  nix.useSandbox = true;
+  nix.sandboxPaths = [ "/System/Library/Frameworks" "/System/Library/PrivateFrameworks" "/usr/lib" "/dev" "/bin/sh" "/usr/bin/env" ];
+
   programs.nix-index.enable = true;
 
   programs.gnupg.agent.enable = true;
author	Daiderd Jordan <daiderd@gmail.com>	2019-02-12 20:25:29 +0100
committer	Daiderd Jordan <daiderd@gmail.com>	2019-02-12 20:25:29 +0100
commit	e61dcc1024ce468728ba243d41991c872d81b28b (patch)
tree	885fcae530251d897727cc4240bd82ce2f317d37 /modules/examples
parent	e812130e5decd51e9fad04941364b1445747a1ac (diff)