From fb00a6b07c8c5bce9d7c4318c8e77a4be9e97546 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Thu, 26 Feb 2026 15:58:43 +0000 Subject: [PATCH] sandbox-permissions: Document --socket=inherit-wayland-socket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Its meaning wasn’t previously documented anywhere, and this docs section seems to be where full-form documentation for `--socket` options is being collated. Signed-off-by: Philip Withnall --- docs/sandbox-permissions.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sandbox-permissions.rst b/docs/sandbox-permissions.rst index 256522e6..71e8459d 100644 --- a/docs/sandbox-permissions.rst +++ b/docs/sandbox-permissions.rst @@ -99,6 +99,12 @@ The following permissions are commonly used by applications. - ``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``. This is not commonly needed unless the application interacts with SSH such as Git clients or SSH frontends. +- ``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` + environment variable from the parent process (for example, the compositor). + This is not commonly needed unless the application needs access to + the parent process’ Wayland state. Input method applications may need + this. It’s a very sensitive permission as it prevents Wayland client + state from being sandboxed. .. note::