programs: sandbox powertop

2024-02-16 05:28:17 +00:00
parent 4085828575
commit 3fd89ec91b
1 changed files with 10 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -508,6 +508,16 @@ in

    "perlPackages.FileMimeInfo".sandbox.enable = false;  #< TODO: sandbox `mimetype` but not `mimeopen`.

+    powertop.sandbox.method = "landlock";
+    powertop.sandbox.wrapperType = "wrappedDerivation";
+    powertop.sandbox.capabilities = [ "cap_ipc_lock" "cap_sys_admin" ];
+    powertop.sandbox.extraPaths = [
+      "/proc"
+      "/sys/class"
+      "/sys/devices"
+      "/sys/kernel"
+    ];
+
    pwvucontrol.sandbox.method = "bwrap";
    pwvucontrol.sandbox.wrapperType = "wrappedDerivation";
    pwvucontrol.sandbox.whitelistAudio = true;