programs: ripgrep: sandbox with bwrap instead of landlock

this provides network isolation
2024-02-20 23:32:54 +00:00
parent 6cf1bc5a28
commit 429d0c53e7
1 changed files with 2 additions and 2 deletions
--- a/hosts/common/programs/ripgrep.nix
+++ b/hosts/common/programs/ripgrep.nix
@@ -1,8 +1,8 @@
 { ... }:
 {
  sane.programs.ripgrep = {
-    sandbox.method = "landlock";
-    sandbox.wrapperType = "wrappedDerivation";  # slow to build
+    sandbox.method = "bwrap";
+    sandbox.wrapperType = "wrappedDerivation";
    sandbox.autodetectCliPaths = true;
    sandbox.whitelistPwd = true;