todo.md: make a list of the programs i've procrastinated on sandboxing

2024-07-06 19:31:19 +00:00
parent b844a9ef5d
commit 572a340c8a
1 changed files with 7 additions and 0 deletions
--- a/TODO.md
+++ b/TODO.md
@@ -69,6 +69,13 @@
 - /mnt/desko/home, etc, shouldn't include secrets (~/private)
  - 95% of its use is for remote media access and stuff which isn't in VCS (~/records)
 - port all sane.programs to be sandboxed
+  - sandbox `curlftpfs`
+  - sandbox `sshfs-fuse`
+  - sandbox `wally-cli`
+  - sandbox `bitcoind`
+  - sandbox `clightning`
+  - sandbox `matrix-synapse`
+  - sandbox `zfs`
  - enforce that all `environment.packages` has a sandbox profile (or explicitly opts out)
  - revisit "non-sandboxable" apps and check that i'm not actually just missing mountpoints
    - LL_FS_RW=/ isn't enough -- need all mount points like `=/:/proc:/sys:...`.