sane-reclaim-disk-space: fix capability sandboxing

This commit is contained in:
2025-01-22 10:50:49 +00:00
parent 83477b9e70
commit c1565efb2d

View File

@@ -140,7 +140,10 @@ in
"sane-scripts.reclaim-disk-space".sandbox = {
method = "bunpen";
extraPaths = [ "/nix/var/nix" ];
capabilities = [ "sys_admin" ]; # for it to remount /nix/store
capabilities = [
"dac_override" # some packages have files which aren't `w`
"sys_admin" # for it to remount /nix/store
];
tryKeepUsers = true;
};