Update deps

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1652368125,
+        "lastModified": 1720893482,
-        "narHash": "sha256-AaNNYTSxN+f85oBN2tnz8SNWiTmFo35jddTHXQjNDgM=",
+        "narHash": "sha256-fGQczQ3JuvqSK3rYsJvvbE7j8BENLp8DqJH1B0uXYKg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f73cc9cbd82a7a8ce626bbaf02a55c1cfb34d6e5",
+        "rev": "94c843e8f05bac70e905c48c965ba7be79bde613",
         "type": "github"
       },
       "original": {

flake.nix

@@ -6,9 +6,15 @@
   outputs = { self, nixpkgs }: {
     packages.x86_64-linux.default =
       with import nixpkgs { system = "x86_64-linux"; };
-      nimPackages.buildNimPackage {
+      buildNimPackage {
         name = "bwbox";
         src = self;
+        nativeBuildInputs = [pkgs.makeWrapper];
+        postInstall = ''
+          wrapProgram $out/bin/bwbox \
+            --prefix PATH ':' ${pkgs.bubblewrap}/bin \
+            --prefix PATH ':' ${pkgs.xdg-dbus-proxy}/bin
+        '';
       };
   };
 }

lib/sandbox.nim

@@ -1,4 +1,5 @@
 import strutils
+import sequtils
 import options
 import config
 import utils
@@ -36,6 +37,7 @@ proc sandboxExec*(args: Args) =
   config.extendConfig()
 
   call
+    .addArg("--new-session")
     .addArg("--dev", "/dev")
     .addMount("--dev-bind", "/dev/random")
     .addMount("--dev-bind", "/dev/urandom")
@@ -71,10 +73,9 @@ proc sandboxExec*(args: Args) =
 
   # resolve binary path outside of the sandbox
   var cmd = args.getCmd
-
-  echo cmd
   cmd[0] = findExe(cmd[0])
 
+  echo call.args.join("  ")
   echo cmd
 
   call.addArg(cmd).exec()