colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: iproute: use a less restrictive sandbox

Browse Source
This commit is contained in:
Colin
2024-03-26 10:54:29 +00:00
parent 3cf42db7dc
commit fb79ca4c8e
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/common/programs/assorted.nix
View File

@@ -552,6 +552,10 @@ in
iproute2.sandbox.method = "landlock";
iproute2.sandbox.net = "all";
iproute2.sandbox.capabilities = [ "net_admin" ];
iproute2.sandbox.extraPaths = [
"/run/netns" # for `ip netns ...` to work
"/var/run/netns"
];
iptables.sandbox.method = "landlock";
iptables.sandbox.net = "all";