wpa_supplicant: get it to run under bwrap
parent
214f963d89
commit
9bb6a903bb
|
@ -23,11 +23,13 @@ in
|
|||
rm $out/etc/systemd/system/{wpa_supplicant-nl80211@,wpa_supplicant-wired@,wpa_supplicant@}.service
|
||||
'';
|
||||
});
|
||||
sandbox.method = "landlock"; #< 'bwrap' (likely) can't work, because it needs to manipulate net interfaces in the root namespace
|
||||
sandbox.method = "bwrap"; #< landlock works too, even allows us to be a different user than root if we want (bwrap probably requires root)
|
||||
sandbox.capabilities = [
|
||||
# see also: <https://github.com/NixOS/nixpkgs/pull/305722>
|
||||
"net_admin" "net_raw"
|
||||
];
|
||||
# sandbox.extraConfig = [ "--sanebox-keep-namespace" "all" ];
|
||||
sandbox.net = "all";
|
||||
sandbox.extraPaths = [
|
||||
"/dev/net"
|
||||
"/dev/rfkill"
|
||||
|
|
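Review bot: The trailing comment on the `sandbox.method = "bwrap"` line notes that landlock also works and would allow a non-root user, while bwrap "probably requires root", but it does not say why the more privileged option was chosen, and the root requirement is left as a guess. With `sandbox.net = "all"` and the `net_admin`/`net_raw` capabilities, the service presumably keeps the host network namespace with full control over its interfaces, so the user it runs as is most of what least privilege can still restrict here. Please confirm whether bwrap really needs root and record the reason for the switch, e.g. `# bwrap: <reason for preferring it over landlock>; runs as root with net_admin/net_raw in the host netns`. The commented-out `# sandbox.extraConfig = [ "--sanebox-keep-namespace" "all" ];` line should either be dropped or get a short note on when it would be needed. The enclosing attribute set starts before the hunk and the `sandbox.extraPaths` list continues past it.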