programs: jq: add working sandbox criteria, but don't enable yet
i need to handle the extremely common `cat foo | jq .` without adding `.` to the sandbox
This commit is contained in:
parent
a273b559e2
commit
a729f91d21
|
@ -582,7 +582,9 @@ in
|
||||||
iw.sandbox.net = "all";
|
iw.sandbox.net = "all";
|
||||||
iw.sandbox.capabilities = [ "net_admin" ];
|
iw.sandbox.capabilities = [ "net_admin" ];
|
||||||
|
|
||||||
# jq.sandbox.autodetectCliPaths = true; # liable to over-detect
|
# jq.sandbox.method = "bwrap";
|
||||||
|
# jq.sandbox.wrapperType = "wrappedDerivation";
|
||||||
|
# jq.sandbox.autodetectCliPaths = true; # liable to over-detect, but how else to sandbox?
|
||||||
|
|
||||||
killall.sandbox.method = "landlock";
|
killall.sandbox.method = "landlock";
|
||||||
killall.sandbox.wrapperType = "wrappedDerivation";
|
killall.sandbox.wrapperType = "wrappedDerivation";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user