systemctl: fix sandboxing

2025-01-21 05:51:31 +00:00
parent 8fbf0e416b
commit 7f1be0d933
1 changed files with 2 additions and 1 deletions
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -819,7 +819,8 @@ let
          "/sys/firmware"  #< for moby camera, to parse its devicetree
          # "/dev"
        ] ++ lib.optionals config.sandbox.whitelistSystemctl [
-          "/run/systemd/system"
+          "/run/systemd/system"  # TODO(2025-01-20): still necessary?
+          "/run/systemd/private"
        ]
      ;
      sandbox.extraRuntimePaths =