seatd: sandbox with bwrap
it always surprises me that you can sandbox something with cap_sys_admin like this... i think this works *only* because the user is root
parent 4b9c125c8c
commit fa94fa8e6c
|
@ -5,7 +5,7 @@ in
|
|||
lib.mkMerge [
|
||||
{
|
||||
sane.programs.seatd = {
|
||||
sandbox.method = "landlock";
|
||||
sandbox.method = "bwrap";
|
||||
sandbox.capabilities = [
|
||||
"sys_tty_config" "sys_admin"
|
||||
"chown"
|
||||
|
|
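Review bot: The `sandbox.method = "bwrap";` line has no comment recording why bwrap replaces landlock, or the assumption stated in the commit message that this works only because the user is root. Suggest a short comment on that line stating the root dependency, so that a later change to the user seatd runs as does not silently break the sandbox. The `sandbox.capabilities` list in the context lines still includes `"sys_admin"`; since CAP_SYS_ADMIN is a very broad capability, a comment there saying why seatd needs it and what the bwrap sandbox is expected to restrict while it is held would help the next reader.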