programs: sane-vpn: sandbox
This commit is contained in:
parent
ee7d99289a
commit
be2098c18a
|
@ -123,9 +123,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
"sane-scripts.ip-check".sandbox = {
|
"sane-scripts.ip-check".sandbox = {
|
||||||
method = "bwrap";
|
method = "landlock";
|
||||||
wrapperType = "wrappedDerivation";
|
wrapperType = "wrappedDerivation";
|
||||||
net = "clearnet";
|
net = "all";
|
||||||
};
|
};
|
||||||
|
|
||||||
"sane-scripts.reclaim-boot-space".sandbox = {
|
"sane-scripts.reclaim-boot-space".sandbox = {
|
||||||
|
@ -191,6 +191,13 @@ in
|
||||||
)
|
)
|
||||||
{}
|
{}
|
||||||
(builtins.attrNames config.sane.vpn);
|
(builtins.attrNames config.sane.vpn);
|
||||||
|
"sane-scripts.vpn".sandbox = {
|
||||||
|
method = "landlock"; #< bwrap can't handle `ip link` stuff even with cap_net_admin
|
||||||
|
wrapperType = "wrappedDerivation";
|
||||||
|
net = "all";
|
||||||
|
capabilities = [ "net_admin" ];
|
||||||
|
extraHomePaths = [ ".config/sane-vpn" ];
|
||||||
|
};
|
||||||
|
|
||||||
"sane-scripts.which".sandbox = {
|
"sane-scripts.which".sandbox = {
|
||||||
method = "bwrap";
|
method = "bwrap";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user