colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

systemctl: fix sandboxing

Browse Source
This commit is contained in:
Colin
2025-01-21 05:51:31 +00:00
parent 8fbf0e416b
commit 7f1be0d933
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/programs/default.nix
View File

@@ -819,7 +819,8 @@ let
"/sys/firmware" #< for moby camera, to parse its devicetree "/sys/firmware" #< for moby camera, to parse its devicetree
# "/dev" # "/dev"
] ++ lib.optionals config.sandbox.whitelistSystemctl [ ] ++ lib.optionals config.sandbox.whitelistSystemctl [
"/run/systemd/system" "/run/systemd/system" # TODO(2025-01-20): still necessary?
"/run/systemd/private"
] ]
; ;
sandbox.extraRuntimePaths = sandbox.extraRuntimePaths =