colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

iotop: sandbox with bunpen

Browse Source
This commit is contained in:
Colin
2024-09-07 20:23:23 +00:00
parent e517c5cecf
commit 58b3411c8c
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/common/programs/assorted.nix
View File

@@ -778,11 +778,10 @@ in
inetutils.sandbox.capabilities = [ "net_raw" ]; # for `sudo traceroute google.com` inetutils.sandbox.capabilities = [ "net_raw" ]; # for `sudo traceroute google.com`
inetutils.sandbox.tryKeepUsers = true; inetutils.sandbox.tryKeepUsers = true;
iotop.sandbox.method = "landlock"; iotop.sandbox.method = "bunpen";
iotop.sandbox.extraPaths = [
"/proc"
];
iotop.sandbox.capabilities = [ "net_admin" ]; iotop.sandbox.capabilities = [ "net_admin" ];
iotop.sandbox.keepPidsAndProc = true;
iotop.sandbox.tryKeepUsers = true;
# provides `ip`, `routel`, `bridge`, others. # provides `ip`, `routel`, `bridge`, others.
# landlock works fine for most of these, but `ip netns exec` wants to attach to an existing namespace (which requires sudo) # landlock works fine for most of these, but `ip netns exec` wants to attach to an existing namespace (which requires sudo)