seatd: sandbox with bwrap

it always surprises my that you can sandbox something with cap_sys_admin like this... i think this works *only* because the user is root
2024-05-29 19:09:57 +00:00 · 2024-05-29 19:09:57 +00:00 · fa94fa8e6c
commit fa94fa8e6c
parent 4b9c125c8c
1 changed files with 1 additions and 1 deletions
--- a/hosts/common/programs/seatd.nix
+++ b/hosts/common/programs/seatd.nix
@ -5,7 +5,7 @@ in
 lib.mkMerge [
  {
    sane.programs.seatd = {
-      sandbox.method = "landlock";
+      sandbox.method = "bwrap";
      sandbox.capabilities = [
        "sys_tty_config" "sys_admin"
        "chown"