programs: iproute: use a less restrictive sandbox
This commit is contained in:
parent
3cf42db7dc
commit
fb79ca4c8e
|
@ -552,6 +552,10 @@ in
|
||||||
iproute2.sandbox.method = "landlock";
|
iproute2.sandbox.method = "landlock";
|
||||||
iproute2.sandbox.net = "all";
|
iproute2.sandbox.net = "all";
|
||||||
iproute2.sandbox.capabilities = [ "net_admin" ];
|
iproute2.sandbox.capabilities = [ "net_admin" ];
|
||||||
|
iproute2.sandbox.extraPaths = [
|
||||||
|
"/run/netns" # for `ip netns ...` to work
|
||||||
|
"/var/run/netns"
|
||||||
|
];
|
||||||
|
|
||||||
iptables.sandbox.method = "landlock";
|
iptables.sandbox.method = "landlock";
|
||||||
iptables.sandbox.net = "all";
|
iptables.sandbox.net = "all";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user