sysctl: ship it
This commit is contained in:
@@ -110,6 +110,7 @@ in
|
|||||||
"tcpdump"
|
"tcpdump"
|
||||||
"tree"
|
"tree"
|
||||||
"unixtools.ps"
|
"unixtools.ps"
|
||||||
|
"unixtools.sysctl"
|
||||||
"unixtools.xxd"
|
"unixtools.xxd"
|
||||||
"usbutils" # lsusb
|
"usbutils" # lsusb
|
||||||
"util-linux" # lsblk, lscpu, etc
|
"util-linux" # lsblk, lscpu, etc
|
||||||
@@ -1161,6 +1162,7 @@ in
|
|||||||
util-linux.sandbox.method = null; #< TODO: possible to sandbox if i specify a different profile for each of its ~50 binaries
|
util-linux.sandbox.method = null; #< TODO: possible to sandbox if i specify a different profile for each of its ~50 binaries
|
||||||
|
|
||||||
"unixtools.ps".sandbox.keepPidsAndProc = true;
|
"unixtools.ps".sandbox.keepPidsAndProc = true;
|
||||||
|
"unixtools.sysctl" = {}; #< XXX: probably not sandboxed correctly for sysctl writes; only for reads
|
||||||
|
|
||||||
unzip.sandbox.autodetectCliPaths = "existingOrParent";
|
unzip.sandbox.autodetectCliPaths = "existingOrParent";
|
||||||
unzip.sandbox.whitelistPwd = true;
|
unzip.sandbox.whitelistPwd = true;
|
||||||
|
Reference in New Issue
Block a user