programs: forkstat: sandbox
This commit is contained in:
parent
da1053d635
commit
44647e0d36
|
@ -401,6 +401,15 @@ in
|
||||||
withWebkit = false;
|
withWebkit = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
forkstat.sandbox.method = "landlock"; #< doesn't seem to support bwrap
|
||||||
|
forkstat.sandbox.wrapperType = "wrappedDerivation";
|
||||||
|
forkstat.sandbox.extraConfig = [
|
||||||
|
"--sane-sandbox-keep-pidspace"
|
||||||
|
];
|
||||||
|
forkstat.sandbox.extraPaths = [
|
||||||
|
"/proc"
|
||||||
|
];
|
||||||
|
|
||||||
# fuzzel: TODO: re-enable sandbox. i use fuzzel both as an entry system (snippets) AND an app-launcher.
|
# fuzzel: TODO: re-enable sandbox. i use fuzzel both as an entry system (snippets) AND an app-launcher.
|
||||||
# as an app-launcher, it cannot be sandboxed without over-restricting the app it launches.
|
# as an app-launcher, it cannot be sandboxed without over-restricting the app it launches.
|
||||||
# should probably make it not be an app-launcher
|
# should probably make it not be an app-launcher
|
||||||
|
|
Loading…
Reference in New Issue
Block a user