ssh: fix sandboxing to support "tailscale ssh"
@@ -7,6 +7,9 @@ in
|
||||
packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.openssh "ssh";
|
||||
sandbox.net = "all";
|
||||
sandbox.whitelistSsh = true;
|
||||
# sandbox.autodetectCliPaths = "existingFile"; # to support `-o 'UserKnownHostsFile /path/...'`
|
||||
sandbox.extraPaths = [ "/var/run/tailscale" ]; # `tailscale ssh` invokes ssh in a way that somehow calls _back_ into ts, not clear how.
|
||||
sandbox.extraHomePaths = [ ".config/tailscale/ssh_known_hosts" ];
|
||||
suggestedPrograms = [ "ssh-agent" ];
|
||||
};
|
||||
|
||||
|
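Review bot: The `sandbox.extraPaths = [ "/var/run/tailscale" ];` line exposes the whole tailscaled runtime directory, including its local API socket, to every sandboxed `ssh` run rather than only those started by `tailscale ssh`, and its trailing comment says the reason is not understood. The callback is most likely the `ProxyCommand` that `tailscale ssh` hands to ssh (a `tailscale nc %h %p` style invocation), which reaches tailscaled over that socket; this is worth confirming and writing into the comment. If that is the cause and the default socket path is in use, the grant could be narrowed to the socket alone, for example `sandbox.extraPaths = [ "/var/run/tailscale/tailscaled.sock" ];  # ProxyCommand from tailscale ssh talks to tailscaled here`. Likewise ssh should only need to read `.config/tailscale/ssh_known_hosts`, so if the sandbox module can bind a path read-only, that would fit here. The page does not mark which lines are new, so this refers to the new-side state as shown.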