programs: wireguard-tools: sandbox

2024-02-17 15:54:16 +00:00 · 2024-02-17 15:54:16 +00:00 · af1ee1734d
commit af1ee1734d
parent 5375cab716
1 changed files with 5 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -921,6 +921,11 @@ in

    whalebird.persist.byStore.private = [ ".config/Whalebird" ];

+    # `wg`, `wg-quick`
+    wireguard-tools.sandbox.method = "landlock";
+    wireguard-tools.sandbox.wrapperType = "wrappedDerivation";
+    wireguard-tools.sandbox.capabilities = [ "net_admin" ];
+
    # provides `iwconfig`, `iwlist`, `iwpriv`, ...
    wirelesstools.sandbox.method = "landlock";
    wirelesstools.sandbox.wrapperType = "wrappedDerivation";