colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: iputils: sandbox

Browse Source
This commit is contained in:
Colin 2024-02-17 03:33:05 +00:00
parent 4ced02b0b2
commit 784c2145f3
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hosts/common/programs/assorted.nix
View File

@ -531,11 +531,10 @@ in
iptables.sandbox.capabilities = [ "net_admin" ];
# iputils provides `ping` (and arping, clockdiff, tracepath)
# TODO: still being shadowed by non-sandboxed iputils
# iputils.sandbox.method = "landlock";
# iputils.sandbox.wrapperType = "wrappedDerivation";
# iputils.sandbox.net = "all";
# iputils.sandbox.capabilities = [ "net_raw" ];
iputils.sandbox.method = "landlock";
iputils.sandbox.wrapperType = "wrappedDerivation";
iputils.sandbox.net = "all";
iputils.sandbox.capabilities = [ "net_raw" ];
iw.sandbox.method = "landlock";
iw.sandbox.wrapperType = "wrappedDerivation";