colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

sshfs-fuse: sandbox with bunpen

Browse Source
This commit is contained in:
Colin
2024-09-06 06:04:23 +00:00
parent ce7474603f
commit baf5aab4b9
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/common/programs/assorted.nix
View File

@@ -1114,7 +1114,7 @@ in
sqlite = {}; sqlite = {};
sshfs-fuse.sandbox.method = "bwrap"; #< N.B. if you call this from the CLI -- without `mount.fuse` -- set this to `none` sshfs-fuse.sandbox.method = "bunpen"; #< N.B. if you call this from the CLI -- without `mount.fuse` -- set this to `none`
sshfs-fuse.sandbox.net = "all"; sshfs-fuse.sandbox.net = "all";
sshfs-fuse.sandbox.autodetectCliPaths = "parent"; sshfs-fuse.sandbox.autodetectCliPaths = "parent";
# sshfs-fuse.sandbox.extraPaths = [ # sshfs-fuse.sandbox.extraPaths = [
@@ -1124,6 +1124,7 @@ in
sshfs-fuse.sandbox.extraHomePaths = [ sshfs-fuse.sandbox.extraHomePaths = [
".ssh/id_ed25519" #< TODO: add -o foo,bar=path/to/thing style arguments to autodetection ".ssh/id_ed25519" #< TODO: add -o foo,bar=path/to/thing style arguments to autodetection
]; ];
sshfs-fuse.sandbox.keepPids = true; #< XXX: bwrap didn't need this, but bunpen does. why?
strace.sandbox.enable = false; #< needs to `exec` its args, and therefore support *anything* strace.sandbox.enable = false; #< needs to `exec` its args, and therefore support *anything*