From d53b4df4a815730fe6b030f40acea54f4bcccf48 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Wed, 11 Sep 2024 01:59:43 +0000
Subject: [PATCH] hdparm: sandbox with bunpen

---
 hosts/common/programs/assorted.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 2eb9fe9f2..a9b0c7ed8 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -768,8 +768,9 @@ in
     hase.sandbox.whitelistWayland = true;
 
     # hdparm: has to be run as sudo. e.g. `sudo hdparm -i /dev/sda`
-    hdparm.sandbox.method = "bwrap";
+    hdparm.sandbox.method = "bunpen";
     hdparm.sandbox.autodetectCliPaths = "existingFile";
+    hdparm.sandbox.tryKeepUsers = true;
 
     host.sandbox.method = "bunpen";
     host.sandbox.net = "all";  #< technically, only needs to contact localhost's DNS server