programs: btrfs: better sandboxing

2024-11-11 12:41:48 +00:00
parent ce43b00707
commit bb09575028
1 changed files with 5 additions and 0 deletions
--- a/hosts/common/programs/btrfs-progs.nix
+++ b/hosts/common/programs/btrfs-progs.nix
@@ -7,6 +7,11 @@ in
    sandbox.autodetectCliPaths = "existing";  # e.g. `btrfs filesystem df /my/fs`
    sandbox.extraPaths = [
      "/dev/btrfs-control"
+      #vvv required for `sudo btrfs filesystem show` with no args
+      "/dev"
+      "/sys/block"
+      "/sys/dev/block"
+      "/sys/devices"
    ];
    sandbox.tryKeepUsers = true;
    sandbox.capabilities = [ "sys_admin" ];  # for `btrfs scrub`