forkstat: sandbox with bunpen

This commit is contained in:
2024-09-07 20:16:59 +00:00
parent e66c389695
commit 41d7268094

View File

@@ -600,8 +600,10 @@ in
withWebkit = false;
});
forkstat.sandbox.method = "landlock"; #< doesn't support bwrap unless i do `--sanebox-keep-namespace pid --sanebox-keep-namespace net`
forkstat.sandbox.method = "bunpen";
forkstat.sandbox.keepPidsAndProc = true;
forkstat.sandbox.tryKeepUsers = true;
forkstat.sandbox.net = "all"; #< it errors without this, wish i knew why
fuzzel.sandbox.method = "bwrap";
fuzzel.sandbox.whitelistWayland = true;