libgpiod (e.g. gpioinfo): sandbox

2024-10-29 09:12:39 +00:00
parent 1f7d6fb240
commit e51e5ebf18
1 changed files with 6 additions and 1 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -777,7 +777,12 @@ in

    libcap_ng.sandbox.enable = false;  # TODO: `pscap` can sandbox with bwrap, `captest` and `netcap` with landlock

-    libgpiod.sandbox.method = null;  #< TODO: sandbox
+    libgpiod.sandbox.extraPaths = [
+      # "/dev"  # really, /dev/gpiochip*
+      "/sys/bus/gpio"
+      "/sys/dev/char"
+      "/sys/devices"
+    ];

    libnotify.sandbox.whitelistDbus = [ "user" ];  # notify-send