From 8657cf1fcf02f17804623064d9083ba16c7a6306 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 1 Jun 2024 12:17:08 +0000
Subject: [PATCH] ship `ausyscall` binary

---
 hosts/common/programs/assorted.nix  |  1 +
 hosts/common/programs/ausyscall.nix | 10 ++++++++++
 hosts/common/programs/default.nix   |  1 +
 3 files changed, 12 insertions(+)
 create mode 100644 hosts/common/programs/ausyscall.nix

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 5363bbb2..eb617b33 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -34,6 +34,7 @@ in
     ];
 
     sysadminUtils = declPackageSet [
+      "ausyscall"
       "bridge-utils"  # for brctl; debug linux "bridge" inet devices
       "btrfs-progs"
       "cacert.unbundled"  # some services require unbundled /etc/ssl/certs
diff --git a/hosts/common/programs/ausyscall.nix b/hosts/common/programs/ausyscall.nix
new file mode 100644
index 00000000..5780ebf7
--- /dev/null
+++ b/hosts/common/programs/ausyscall.nix
@@ -0,0 +1,10 @@
+# `ausyscall --dump`: lists all syscalls by number and name
+{ pkgs, ... }:
+{
+  sane.programs.ausyscall = {
+    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.audit "bin/ausyscall";
+
+    sandbox.method = "landlock";
+  };
+}
+
diff --git a/hosts/common/programs/default.nix b/hosts/common/programs/default.nix
index 3d73952a..7b19be82 100644
--- a/hosts/common/programs/default.nix
+++ b/hosts/common/programs/default.nix
@@ -9,6 +9,7 @@
     ./animatch.nix
     ./assorted.nix
     ./audacity.nix
+    ./ausyscall.nix
     ./bemenu.nix
     ./blast-ugjka
     ./bonsai.nix