diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 74ccb4809..c9f982897 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -1114,7 +1114,7 @@ in
 
     sqlite = {};
 
-    sshfs-fuse.sandbox.method = "bwrap";  #< N.B. if you call this from the CLI -- without `mount.fuse` -- set this to `none`
+    sshfs-fuse.sandbox.method = "bunpen";  #< N.B. if you call this from the CLI -- without `mount.fuse` -- set this to `none`
     sshfs-fuse.sandbox.net = "all";
     sshfs-fuse.sandbox.autodetectCliPaths = "parent";
     # sshfs-fuse.sandbox.extraPaths = [
@@ -1124,6 +1124,7 @@ in
     sshfs-fuse.sandbox.extraHomePaths = [
       ".ssh/id_ed25519"  #< TODO: add -o foo,bar=path/to/thing style arguments to autodetection
     ];
+    sshfs-fuse.sandbox.keepPids = true;  #< XXX: bwrap didn't need this, but bunpen does. why?
 
     strace.sandbox.enable = false;  #< needs to `exec` its args, and therefore support *anything*