todo.md: make a list of the programs i've procrastinated on sandboxing

This commit is contained in:
2024-07-06 19:31:19 +00:00
parent b844a9ef5d
commit 572a340c8a

View File

@@ -69,6 +69,13 @@
- /mnt/desko/home, etc, shouldn't include secrets (~/private)
- 95% of its use is for remote media access and stuff which isn't in VCS (~/records)
- port all sane.programs to be sandboxed
- sandbox `curlftpfs`
- sandbox `sshfs-fuse`
- sandbox `wally-cli`
- sandbox `bitcoind`
- sandbox `clightning`
- sandbox `matrix-synapse`
- sandbox `zfs`
- enforce that all `environment.packages` has a sandbox profile (or explicitly opts out)
- revisit "non-sandboxable" apps and check that i'm not actually just missing mountpoints
- LL_FS_RW=/ isn't enough -- need all mount points like `=/:/proc:/sys:...`.