programs: sane-vpn: sandbox
This commit is contained in:
parent
ee7d99289a
commit
be2098c18a
|
@ -123,9 +123,9 @@ in
|
|||
};
|
||||
|
||||
"sane-scripts.ip-check".sandbox = {
|
||||
method = "bwrap";
|
||||
method = "landlock";
|
||||
wrapperType = "wrappedDerivation";
|
||||
net = "clearnet";
|
||||
net = "all";
|
||||
};
|
||||
|
||||
"sane-scripts.reclaim-boot-space".sandbox = {
|
||||
|
@ -191,6 +191,13 @@ in
|
|||
)
|
||||
{}
|
||||
(builtins.attrNames config.sane.vpn);
|
||||
"sane-scripts.vpn".sandbox = {
|
||||
method = "landlock"; #< bwrap can't handle `ip link` stuff even with cap_net_admin
|
||||
wrapperType = "wrappedDerivation";
|
||||
net = "all";
|
||||
capabilities = [ "net_admin" ];
|
||||
extraHomePaths = [ ".config/sane-vpn" ];
|
||||
};
|
||||
|
||||
"sane-scripts.which".sandbox = {
|
||||
method = "bwrap";
|
||||
|
|
Loading…
Reference in New Issue
Block a user