programs: ripgrep: sandbox with bwrap instead of landlock
this provides network isolation
This commit is contained in:
parent
6cf1bc5a28
commit
429d0c53e7
|
@ -1,8 +1,8 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
sane.programs.ripgrep = {
|
sane.programs.ripgrep = {
|
||||||
sandbox.method = "landlock";
|
sandbox.method = "bwrap";
|
||||||
sandbox.wrapperType = "wrappedDerivation"; # slow to build
|
sandbox.wrapperType = "wrappedDerivation";
|
||||||
sandbox.autodetectCliPaths = true;
|
sandbox.autodetectCliPaths = true;
|
||||||
sandbox.whitelistPwd = true;
|
sandbox.whitelistPwd = true;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user