2024-04-15 18:57:22 +00:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
let
|
|
|
|
cfg = config.sane.programs;
|
|
|
|
in
|
|
|
|
{
|
2024-05-15 01:41:40 +00:00
|
|
|
sane.programs.sanebox = {
|
|
|
|
packageUnwrapped = pkgs.sanebox.override {
|
2024-04-15 18:57:22 +00:00
|
|
|
bubblewrap = cfg.bubblewrap.package;
|
|
|
|
firejail = cfg.firejail.package;
|
|
|
|
landlock-sandboxer = pkgs.landlock-sandboxer.override {
|
|
|
|
# not strictly necessary (landlock ABI is versioned), however when sandboxer version != kernel version,
|
|
|
|
# the sandboxer may nag about one or the other wanting to be updated.
|
|
|
|
linux = config.boot.kernelPackages.kernel;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
sandbox.enable = false;
|
|
|
|
};
|
|
|
|
}
|