iputils: sandbox with bunpen

2024-09-07 20:26:36 +00:00
parent 58b3411c8c
commit fc865574bf
1 changed files with 2 additions and 1 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -801,9 +801,10 @@ in
    # iptables.sandbox.capabilities = [ "net_admin" ];

    # iputils provides `ping` (and arping, clockdiff, tracepath)
-    iputils.sandbox.method = "landlock";
+    iputils.sandbox.method = "bunpen";
    iputils.sandbox.net = "all";
    iputils.sandbox.capabilities = [ "net_raw" ];
+    iputils.sandbox.tryKeepUsers = true;  # for `sudo arping 10.78.79.1`

    iw.sandbox.method = "landlock";
    iw.sandbox.net = "all";