programs: smartmontools (smartctl): sandbox

2024-02-17 15:36:13 +00:00
parent 24cba0c856
commit 785b375671
1 changed files with 6 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -768,6 +768,12 @@ in
    # printer/filament settings
    slic3r.persist.byStore.plaintext = [ ".Slic3r" ];

+    # use like `sudo smartctl /dev/sda -a`
+    smartmontools.sandbox.method = "landlock";
+    smartmontools.sandbox.wrapperType = "wrappedDerivation";
+    smartmontools.sandbox.autodetectCliPaths = "existing";
+    smartmontools.sandbox.capabilities = [ "sys_rawio" ];
+
    sops.sandbox.method = "bwrap";  # TODO:sandbox: untested
    sops.sandbox.wrapperType = "wrappedDerivation";
    sops.sandbox.extraHomePaths = [