sysctl: ship it

This commit is contained in:
2024-12-05 00:06:43 +00:00
parent e1c8d0d610
commit a8810d336c

View File

@@ -110,6 +110,7 @@ in
"tcpdump" "tcpdump"
"tree" "tree"
"unixtools.ps" "unixtools.ps"
"unixtools.sysctl"
"unixtools.xxd" "unixtools.xxd"
"usbutils" # lsusb "usbutils" # lsusb
"util-linux" # lsblk, lscpu, etc "util-linux" # lsblk, lscpu, etc
@@ -1161,6 +1162,7 @@ in
util-linux.sandbox.method = null; #< TODO: possible to sandbox if i specify a different profile for each of its ~50 binaries util-linux.sandbox.method = null; #< TODO: possible to sandbox if i specify a different profile for each of its ~50 binaries
"unixtools.ps".sandbox.keepPidsAndProc = true; "unixtools.ps".sandbox.keepPidsAndProc = true;
"unixtools.sysctl" = {}; #< XXX: probably not sandboxed correctly for sysctl writes; only for reads
unzip.sandbox.autodetectCliPaths = "existingOrParent"; unzip.sandbox.autodetectCliPaths = "existingOrParent";
unzip.sandbox.whitelistPwd = true; unzip.sandbox.whitelistPwd = true;