colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modemmanager: sandbox with bwrap instead of landlock

Browse Source
This commit is contained in:
Colin 2024-05-30 18:47:09 +00:00
parent 820fdecfd5
commit 6570c5ed84
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/common/programs/modemmanager.nix
View File

@ -7,8 +7,10 @@ in
# mmcli needs /run/current-system/sw/share/dbus-1 files to function
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
sandbox.method = "landlock";
sandbox.method = "bwrap";
sandbox.wrapperType = "inplace"; #< .pc files, GIR files with absolute paths,
sandbox.net = "all";
sandbox.isolatePids = false;
sandbox.capabilities = [
"net_admin"
"net_raw"