colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/programs: plumb capabilities into bunpen sandboxer

Browse Source
This commit is contained in:
Colin
2024-08-30 20:36:11 +00:00
parent 2053ba079c
commit 737df8c10e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/programs/make-sandbox-args.nix
View File

@@ -31,6 +31,7 @@ let
}; };
bunpenGenerators = { bunpenGenerators = {
autodetectCliPaths = style: [ "--bunpen-autodetect" style ]; autodetectCliPaths = style: [ "--bunpen-autodetect" style ];
capability = cap: [ "--bunpen-cap" cap ];
method = m: assert m == "bunpen"; method = m: assert m == "bunpen";
# smuggle in some defaults # smuggle in some defaults
(lib.concatMap (devnode: [ "--bunpen-path" "/dev/${devnode}" ]) [ (lib.concatMap (devnode: [ "--bunpen-path" "/dev/${devnode}" ]) [