curlftpfs: document sandbox attempt
This commit is contained in:
parent
87e3f2a9ef
commit
10fc7bbb84
|
@ -21,5 +21,15 @@
|
||||||
ln -s curlftpfs $out/bin/mount.curlftpfs
|
ln -s curlftpfs $out/bin/mount.curlftpfs
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
|
|
||||||
|
# TODO: try to sandbox this better? maybe i can have fuse (unsandboxed) invoke curlftpfs (sandboxed)?
|
||||||
|
# - landlock gives EPERM
|
||||||
|
# - bwrap just silently doesn't mount it, maybe because of setuid stuff around fuse?
|
||||||
|
# sandbox.method = "capshonly";
|
||||||
|
# sandbox.net = "all";
|
||||||
|
# sandbox.capabilities = [
|
||||||
|
# "sys_admin"
|
||||||
|
# "sys_module"
|
||||||
|
# ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user