From 8821b3ca7d43922b20d0d953f917981373ef0778 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 3 Mar 2024 06:55:17 +0000
Subject: [PATCH] procps: sandbox

---
 hosts/common/programs/assorted.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index e02744d7..93e3974e 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -718,7 +718,11 @@ in
 "/sys/kernel"
 ];

- procps = {};
+ # procps: free, pgrep, pidof, pkill, ps, pwait, top, uptime, couple others
+ procps.sandbox.method = "bwrap";
+ procps.sandbox.extraConfig = [
+ "--sane-sandbox-keep-namespace" "pid"
+ ];

 pstree.sandbox.method = "landlock";
 pstree.sandbox.extraPaths = [
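Review bot: The new comment above `procps.sandbox.method` lists the binaries but does not say why `"--sane-sandbox-keep-namespace" "pid"` is passed, which is the security-relevant part of this hunk. The flag is presumably there so that ps/top/pgrep/pkill can see and signal processes outside the sandbox; if so, the bwrap sandbox does not limit process visibility or signalling for these tools and only narrows what else they can reach. I would add a line such as `# keep the host pid namespace: ps/top/pgrep/pkill must see (and signal) processes outside the sandbox`, so a later reader neither drops the flag nor assumes the sandbox isolates processes. The surrounding attribute set starts and ends outside the hunk.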