From fc5a1c7d5ea752a647dcbc6a4a73f604e9e63c0c Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Tue, 3 Sep 2024 14:12:36 +0000
Subject: [PATCH] pkill: sandbox with bunpen

---
 hosts/common/programs/pkill.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/pkill.nix b/hosts/common/programs/pkill.nix
index 22d56b71e..e7bb4ccba 100644
--- a/hosts/common/programs/pkill.nix
+++ b/hosts/common/programs/pkill.nix
@@ -2,7 +2,8 @@
 {
   sane.programs.pkill = {
     packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "pkill";
-    sandbox.method = "bwrap";
+    sandbox.method = "bunpen";
     sandbox.isolatePids = false;
+    sandbox.extraPaths = [ "/proc" ];
   };
 }