From 2c76497d34e3b3b47a496228c53bcafdb78f39a8 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Wed, 11 Sep 2024 02:04:59 +0000
Subject: [PATCH] wirelesstools: sandbox with bunpen (only minimally tested)

---
 hosts/common/programs/assorted.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 79c8930d1..81d9e5bba 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -1261,9 +1261,10 @@ in
     wireguard-tools.sandbox.tryKeepUsers = true;
 
     # provides `iwconfig`, `iwlist`, `iwpriv`, ...
-    wirelesstools.sandbox.method = "landlock";
+    wirelesstools.sandbox.method = "bunpen";
     wirelesstools.sandbox.net = "all";
     wirelesstools.sandbox.capabilities = [ "net_admin" ];
+    wirelesstools.sandbox.tryKeepUsers = true;
 
     wl-clipboard.sandbox.method = "bunpen";
     wl-clipboard.sandbox.whitelistWayland = true;