colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

findutils: remove sandboxing, it doesnt make sense

Browse Source
This commit is contained in:
Colin
2024-10-17 21:44:02 +00:00
parent 0c85d73466
commit 30cd1c06ba
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/common/programs/assorted.nix
View File

@@ -557,13 +557,14 @@ in
file.sandbox.autodetectCliPaths = "existing"; #< file OR directory, yes file.sandbox.autodetectCliPaths = "existing"; #< file OR directory, yes
findutils.sandbox.autodetectCliPaths = "existing"; findutils.sandbox.enable = false; #< `find -exec FOO`, needs to exec arbitrary commands
findutils.sandbox.whitelistPwd = true; # findutils.sandbox.autodetectCliPaths = "existing";
findutils.sandbox.extraHomePaths = [ # findutils.sandbox.whitelistPwd = true;
# let it follow symlinks to non-sensitive data # findutils.sandbox.extraHomePaths = [
".persist/ephemeral" # # let it follow symlinks to non-sensitive data
".persist/plaintext" # ".persist/ephemeral"
]; # ".persist/plaintext"
# ];
font-manager.buildCost = 1; font-manager.buildCost = 1;
font-manager.sandbox.whitelistWayland = true; font-manager.sandbox.whitelistWayland = true;

1
hosts/common/programs/sane-scripts.nix
View File

@@ -159,7 +159,6 @@ in
# really i should sandbox just the utilities # really i should sandbox just the utilities
"sane-scripts.secrets-update-keys".sandbox.method = null; "sane-scripts.secrets-update-keys".sandbox.method = null;
"sane-scripts.secrets-update-keys".suggestedPrograms = [ "sane-scripts.secrets-update-keys".suggestedPrograms = [
"findutils"
"sops" "sops"
]; ];