procps: sandbox

2024-03-03 06:55:17 +00:00 · 2024-03-03 06:55:17 +00:00 · 8821b3ca7d
commit 8821b3ca7d
parent 5e5a1fbaae
1 changed files with 5 additions and 1 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -718,7 +718,11 @@ in
      "/sys/kernel"
    ];

-    procps = {};
+    # procps: free, pgrep, pidof, pkill, ps, pwait, top, uptime, couple others
+    procps.sandbox.method = "bwrap";
+    procps.sandbox.extraConfig = [
+      "--sane-sandbox-keep-namespace" "pid"
+    ];

    pstree.sandbox.method = "landlock";
    pstree.sandbox.extraPaths = [