modemmanager: sandbox with bwrap instead of landlock
This commit is contained in:
parent
820fdecfd5
commit
6570c5ed84
|
@ -7,8 +7,10 @@ in
|
|||
# mmcli needs /run/current-system/sw/share/dbus-1 files to function
|
||||
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
|
||||
|
||||
sandbox.method = "landlock";
|
||||
sandbox.method = "bwrap";
|
||||
sandbox.wrapperType = "inplace"; #< .pc files, GIR files with absolute paths,
|
||||
sandbox.net = "all";
|
||||
sandbox.isolatePids = false;
|
||||
sandbox.capabilities = [
|
||||
"net_admin"
|
||||
"net_raw"
|
||||
|
|
Loading…
Reference in New Issue
Block a user