From 34aad6f74ccf1b310d80681fd987e7a15622fd37 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Tue, 3 Sep 2024 03:02:24 +0000
Subject: [PATCH] python3-repl: sandbox with bunpen

---
 hosts/common/programs/assorted.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 2ebf33ee9..e54669ace 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -1050,10 +1050,10 @@ in
       requests
       unidecode
     ]);
-    python3-repl.sandbox.method = "bwrap";
+    python3-repl.sandbox.method = "bunpen";
     python3-repl.sandbox.net = "clearnet";
     python3-repl.sandbox.extraHomePaths = [
-      "/"
+      "/"  #< this is 'safe' because with don't expose .persist/private, so no .ssh/id_ed25519
       ".persist/plaintext"
     ];