colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/programs: plum sandbox.keepPids and whitelistPwd into bunpen

Browse Source
This commit is contained in:
Colin
2024-09-03 02:25:28 +00:00
parent 53c4054bb7
commit ce7a082447
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/programs/make-sandbox-args.nix
View File

@@ -32,6 +32,7 @@ let
bunpenGenerators = {
autodetectCliPaths = style: [ "--bunpen-autodetect" style ];
capability = cap: [ "--bunpen-cap" cap ];
keepPids = [ "--bunpen-keep-pid" ];
method = m: assert m == "bunpen";
# smuggle in some defaults
(lib.concatMap (devnode: [ "--bunpen-path" "/dev/${devnode}" ]) [
@@ -53,6 +54,7 @@ let
path = p: [ "--bunpen-path" p ];
path-home = p: [ "--bunpen-home-path" p ];
path-run = p: [ "--bunpen-run-path" p ];
whitelistPwd = [ "--bunpen-path" "." ];
};
gen = if method == "bunpen" then
bunpenGenerators