colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

wireguard-tools: sandbox with bunpen

Browse Source
This commit is contained in:
Colin
2024-09-07 20:33:54 +00:00
parent 823ec0e6f4
commit 8eadede76d
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/common/programs/assorted.nix
View File

@@ -1238,9 +1238,10 @@ in
whalebird.persist.byStore.private = [ ".config/Whalebird" ]; whalebird.persist.byStore.private = [ ".config/Whalebird" ];
# `wg`, `wg-quick` # `wg`, `wg-quick`
wireguard-tools.sandbox.method = "landlock"; wireguard-tools.sandbox.method = "bunpen";
wireguard-tools.sandbox.net = "all"; wireguard-tools.sandbox.net = "all";
wireguard-tools.sandbox.capabilities = [ "net_admin" ]; wireguard-tools.sandbox.capabilities = [ "net_admin" ];
wireguard-tools.sandbox.tryKeepUsers = true;
# provides `iwconfig`, `iwlist`, `iwpriv`, ... # provides `iwconfig`, `iwlist`, `iwpriv`, ...
wirelesstools.sandbox.method = "landlock"; wirelesstools.sandbox.method = "landlock";