modules/programs: plumb capabilities into bunpen sandboxer

2024-08-30 20:36:11 +00:00
parent 2053ba079c
commit 737df8c10e
1 changed files with 1 additions and 0 deletions
--- a/modules/programs/make-sandbox-args.nix
+++ b/modules/programs/make-sandbox-args.nix
@@ -31,6 +31,7 @@ let
  };
  bunpenGenerators = {
    autodetectCliPaths = style: [ "--bunpen-autodetect" style ];
+    capability = cap: [ "--bunpen-cap" cap ];
    method = m: assert m == "bunpen";
      # smuggle in some defaults
      (lib.concatMap (devnode: [ "--bunpen-path" "/dev/${devnode}" ]) [