inetutils: sandbox with bunpen

2024-09-07 20:22:29 +00:00
parent c735c0e11e
commit e517c5cecf


@@ -773,7 +773,10 @@ in
# inetutils: ping, ifconfig, hostname, traceroute, whois, .... # inetutils: ping, ifconfig, hostname, traceroute, whois, ....
# N.B.: inetutils' `ping` is shadowed by iputils' ping (by nixos, intentionally). # N.B.: inetutils' `ping` is shadowed by iputils' ping (by nixos, intentionally).
inetutils.sandbox.method = "landlock"; # want to keep the same netns, at least. inetutils.sandbox.method = "bunpen"; # want to keep the same netns, at least.
inetutils.sandbox.net = "all";
inetutils.sandbox.capabilities = [ "net_raw" ]; # for `sudo traceroute google.com`
inetutils.sandbox.tryKeepUsers = true;
iotop.sandbox.method = "landlock"; iotop.sandbox.method = "landlock";
iotop.sandbox.extraPaths = [ iotop.sandbox.extraPaths = [