networkmanager: cleanup
parent
7dedfcebb9
commit
0013e8305e
|
@ -24,97 +24,24 @@ in
|
|||
"net_admin"
|
||||
"net_raw"
|
||||
"net_bind_service" #< TODO: is this needed? why? (DNS?)
|
||||
# "setgid"
|
||||
# "setuid"
|
||||
# "sys_module" #< TODO: is this needed?
|
||||
# "sys_module"
|
||||
"audit_write" #< allow writing to the audit log
|
||||
# "kill"
|
||||
# "sys_chroot"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
# "/proc"
|
||||
# "/run"
|
||||
# "/sys"
|
||||
# "/var/lib"
|
||||
#^ works
|
||||
|
||||
# "/dev"
|
||||
# "/proc"
|
||||
# "/run"
|
||||
# "/sys"
|
||||
# "/var/lib/NetworkManager"
|
||||
# "/var/lib/trust-dns" #< for trust-dns-nmhook
|
||||
#^ works
|
||||
|
||||
# # "/dev/net"
|
||||
# # "/dev/rfkill"
|
||||
# # "/proc/sys/net"
|
||||
# "/dev"
|
||||
# "/proc"
|
||||
# "/run/NetworkManager"
|
||||
# "/run/dbus"
|
||||
# "/run/log"
|
||||
# "/run/resolvconf"
|
||||
# "/run/secrets"
|
||||
# "/run/systemd"
|
||||
# "/run/udev"
|
||||
# "/run/user"
|
||||
# "/run/wg-home.priv"
|
||||
# "/var/run/NetworkManager" #< legacy symlinks, which NM wants to crawl
|
||||
# "/var/run/dbus"
|
||||
# "/var/run/log"
|
||||
# "/var/run/resolvconf"
|
||||
# "/var/run/systemd"
|
||||
# "/var/run/udev"
|
||||
# "/var/run/user"
|
||||
# "/sys"
|
||||
# # "/sys/class/net"
|
||||
# # "/sys/devices"
|
||||
# "/var/lib/NetworkManager"
|
||||
# "/var/lib/trust-dns" #< for trust-dns-nmhook
|
||||
#^ works
|
||||
|
||||
# "/dev/net"
|
||||
# "/dev/rfkill" #< TODO: check if really necessary!
|
||||
# "/proc" #< TODO: specify this more precisely
|
||||
# "/proc/acpi"
|
||||
# "/proc/asound"
|
||||
# "/proc/bus"
|
||||
# "/proc/cpuinfo"
|
||||
# "/proc/crypto"
|
||||
# "/proc/devices"
|
||||
# "/proc/driver"
|
||||
# "/proc/fs"
|
||||
# "/proc/irq"
|
||||
# "/proc/modules"
|
||||
# "/proc/net"
|
||||
# "/proc/pressure"
|
||||
"/proc/net"
|
||||
"/proc/sys/net"
|
||||
# "/proc/sysvipc"
|
||||
# "/proc/tty"
|
||||
"/run/NetworkManager"
|
||||
# "/run/dbus"
|
||||
# "/run/secrets/net"
|
||||
"/run/systemd" # for trust-dns-nmhook
|
||||
"/run/udev"
|
||||
# "/run/wg-home.priv" #< TODO: move this into /run/secrets?
|
||||
# "/run/wg-home.priv"
|
||||
"/sys/class" #< TODO: specify this more precisely
|
||||
"/sys/devices"
|
||||
"/var/lib/NetworkManager"
|
||||
# "/var/lib/bluetooth"
|
||||
# "/var/lib/cups"
|
||||
# "/var/lib/etc_secrets"
|
||||
# "/var/lib/machines"
|
||||
# "/var/lib/nixos"
|
||||
# "/var/lib/portables"
|
||||
# "/var/lib/private"
|
||||
# "/var/lib/systemd" #< rfkill?
|
||||
"/var/lib/trust-dns" #< for trust-dns-nmhook
|
||||
# "/var/lib/udisks2"
|
||||
];
|
||||
|
||||
# sandbox.whitelistDbus = [ "system" ];
|
||||
sandbox.whitelistDbus = [ "system" ]; #< apparently not actually needed?
|
||||
};
|
||||
}
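Review bot: Several grants that survive this cleanup are ones the file's own comments question, in a sandbox that already carries `"net_admin"` and `"net_raw"`: `"net_bind_service"` is still tagged "is this needed? why?", `"/sys/class"` is tagged "specify this more precisely", and `"/run/systemd"` is exposed whole although its comment names only trust-dns-nmhook as the consumer. Each should be dropped and tested, or narrowed to the entry actually used, with the TODO replaced by the reason the grant is required; for example `"/sys/class/net"` in place of `"/sys/class"`, if that turns out to be sufficient (the commented-out earlier attempts in this hunk already list that path). The rendered page has lost its `+`/`-` markers, so it is not possible to tell from here whether `sandbox.whitelistDbus = [ "system" ];` is the new or the old side; if it is the new side, its "apparently not actually needed?" comment argues for leaving system-bus access off until a need is shown. The capability list and the enclosing attribute set begin above the hunk.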
|
||||
|
||||
|
|