btrfs-progs: fix sandboxing to be compat with "btrfs replace"

2025-05-15 04:11:18 +00:00
parent 2701b484e5
commit 471341447e
1 changed files with 4 additions and 1 deletions
--- a/hosts/common/programs/btrfs-progs.nix
+++ b/hosts/common/programs/btrfs-progs.nix
@@ -20,7 +20,10 @@ in
    ];
    sandbox.tryKeepUsers = true;
    sandbox.keepPids = true;  # required for `sudo btrfs scrub start`
-    sandbox.capabilities = [ "sys_admin" ];  # for `btrfs scrub`
+    sandbox.capabilities = [
+      "dac_read_search"  # for `btrfs replace`
+      "sys_admin"  # for `btrfs scrub`
+    ];
  };

  # TODO: service sandboxing