colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

forkstat: sandbox with bunpen

Browse Source
This commit is contained in:
Colin
2024-09-07 20:16:59 +00:00
parent e66c389695
commit 41d7268094
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/common/programs/assorted.nix
View File

@@ -600,8 +600,10 @@ in
withWebkit = false; withWebkit = false;
}); });
forkstat.sandbox.method = "landlock"; #< doesn't support bwrap unless i do `--sanebox-keep-namespace pid --sanebox-keep-namespace net` forkstat.sandbox.method = "bunpen";
forkstat.sandbox.keepPidsAndProc = true; forkstat.sandbox.keepPidsAndProc = true;
forkstat.sandbox.tryKeepUsers = true;
forkstat.sandbox.net = "all"; #< it errors without this, wish i knew why
fuzzel.sandbox.method = "bwrap"; fuzzel.sandbox.method = "bwrap";
fuzzel.sandbox.whitelistWayland = true; fuzzel.sandbox.whitelistWayland = true;