sandbox: remove /run/wrappers: SUID wrappers dont really accomplish much inside a namespace

2024-05-25 10:52:38 +00:00 · 2024-05-25 10:52:38 +00:00 · af72f312d3
commit af72f312d3
parent efa1ee6c69
1 changed files with 1 additions and 1 deletions
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@ -51,7 +51,7 @@ let

          "/etc"  #< especially for /etc/profiles/per-user/$USER/bin
          "/run/current-system"  #< for basics like `ls`, and all this program's `suggestedPrograms` (/run/current-system/sw/bin)
-          "/run/wrappers"  #< SUID wrappers. TODO: remove!
+          # "/run/wrappers"  #< SUID wrappers. they don't mean much inside a namespace.
          # /run/opengl-driver is a symlink into /nix/store; needed by e.g. mpv
          "/run/opengl-driver"
          "/run/opengl-driver-32"  #< XXX: doesn't exist on aarch64?