colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs/sandboxing: add required args to use pasta

Browse Source
This commit is contained in:
Colin
2024-09-21 12:21:11 +00:00
parent 224b298cda
commit 208b634040
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/programs/make-sandbox-args.nix
View File

@@ -54,7 +54,12 @@ let
"stderr"
# bwrap also does some stuff for /dev/{console,core,ptmx,pts,shm}, i don't need those (yet?)
]);
netDev = n: if n == "all" then [ "--bunpen-keep-net" ] else [ "--bunpen-net-dev" n ];
# if we need any sort of networking, keep /dev/net/tun. pasta will need that to create its tunnel.
# TODO: is this safe?
netDev = n: if n == "all" then
[ "--bunpen-path" "/dev/net/tun" "--bunpen-keep-net" ]
else
[ "--bunpen-path" "/dev/net/tun" "--bunpen-net-dev" n ];
netGateway = netGateway: [ "--bunpen-net-gateway" netGateway ];
path = p: [ "--bunpen-path" p ];
path-home = p: [ "--bunpen-home-path" p ];