From f714bd82817392ac77825c0576379e8b52c30961 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 25 Feb 2024 01:56:30 +0000
Subject: [PATCH] programs: jq: sandbox
---
 hosts/common/programs/assorted.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index c90214e2..7989f758 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -587,9 +587,9 @@ in
 iw.sandbox.net = "all";
 iw.sandbox.capabilities = [ "net_admin" ];
- # jq.sandbox.method = "bwrap";
- # jq.sandbox.wrapperType = "wrappedDerivation";
- # jq.sandbox.autodetectCliPaths = true; # liable to over-detect, but how else to sandbox?
+ jq.sandbox.method = "bwrap";
+ jq.sandbox.wrapperType = "wrappedDerivation";
+ jq.sandbox.autodetectCliPaths = "existingFile";
 killall.sandbox.method = "landlock";
 killall.sandbox.wrapperType = "wrappedDerivation";
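Review bot: The added `jq.sandbox.autodetectCliPaths = "existingFile";` line drops the old trailing comment about over-detection and does not say why this value was chosen or what it leaves out of the sandbox. With autodetection, the files visible inside the bwrap sandbox are decided by the caller's arguments, so any argument that happens to name an existing file is presumably exposed, while directory arguments such as jq's `-L` module search path presumably are not. I would add a comment above the line, for example `# expose only CLI arguments that name existing files; jq otherwise works on stdin/stdout`, once that behaviour is confirmed against the sandbox module's definition of the option. The enclosing attribute set starts and ends outside the hunk.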