sanebox: allow /dev/fd in the sandbox by default

2024-08-05 22:55:12 +00:00
parent 5eca45891b
commit d1b4e9c923
1 changed files with 2 additions and 0 deletions
--- a/pkgs/additional/sanebox/sanebox
+++ b/pkgs/additional/sanebox/sanebox
@@ -768,7 +768,9 @@ landlockSetup() {
  # typical failure mode:
  # - /tmp: application can't perform its task
  # - /dev/{null,random,urandom,zero}: application warns but works around it
+  # - /dev/fd/*: application fails to open its stdin/stdout/etc
  paths+=(
+    /dev/fd
    /dev/null
    /dev/random
    /dev/urandom