give access to .fonts dir

[bubblebox.git] / profiles.py

diff --git a/profiles.py b/profiles.py
index 57dc01000a5d2aaecdc511cc6d49068f47daa7e6..fb957d8ad0f2791e176c21ce4d3adee6a53335a6 100644 (file)
--- a/profiles.py
+++ b/profiles.py
@@ -7,7 +7,8 @@ DEFAULT = group(
   bwrap_flags("--unshare-user", "--unshare-pid", "--unshare-cgroup"),
   # A different hostname is useful to be able to see when we are inside the sandbox.
   # However, some applications will not like this unless the hostname also exists in `/etc/hosts`!
-  bwrap_flags("--unshare-uts", "--hostname", "bubblebox"),
+  # Also, gnome-shell doesn't display window icons properly when this is set.
+  #bwrap_flags("--unshare-uts", "--hostname", "bubblebox"),
   # Make sure the sandbox cannot inject commands into the host terminal.
   # TODO: This flag breaks some CLI applications, like job control in shells.
   # Consider using SECCOMP instead.
@@ -60,7 +61,7 @@ def DESKTOP(name):
     # We set GSETTINGS_BACKEND to make GTK3 apps use the config file in ~/.config/glib-2.0.
     # (The "right" solution here is probably the settings portal...)
     home_access({
-      (".config/fontconfig", ".config/glib-2.0", ".XCompose", ".local/share/applications"): Access.Read,
+      (".config/fontconfig", ".fonts", ".config/glib-2.0", ".XCompose", ".local/share/applications"): Access.Read,
     }),
     bwrap_flags("--setenv", "GSETTINGS_BACKEND", "keyfile"),
     # Access to basic d-bus services (that are hopefully safe to expose...)