|
40e30cf2f8
|
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
|
2024-02-28 17:39:00 +00:00 |
|
|
080bd856ec
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
|
c9af5bf9b4
|
programs: sandboxing: enable net isolation for most sandboxed programs
|
2024-02-08 21:51:32 +00:00 |
|
|
1cb2c5225f
|
programs: use wrapperType=wrappedDerivation where possible
|
2024-01-29 12:07:04 +00:00 |
|
|
b29b8bdec7
|
wireshark: specify capabilities via sandbox.capabilities config
|
2024-01-27 17:12:40 +00:00 |
|
|
dae7785ee2
|
wireshark: remove dead code
|
2024-01-27 09:04:08 +00:00 |
|
|
3e6278fa21
|
wireshark: sandbox with landlock instead of firejail
and remove the SUID wrapper, yay!
|
2024-01-27 04:44:21 +00:00 |
|
|
f148334b58
|
programs: port extraFirejailConfig to extraConfig
|
2024-01-23 14:57:33 +00:00 |
|
|
c11f5a1401
|
wireshark: fix security.wrappers when wireshark is disabled
|
2024-01-22 23:58:04 +00:00 |
|
|
5b220f3fec
|
wireshark: enable firejail isolation
|
2024-01-22 13:12:10 +00:00 |
|
|
91c2f6fc95
|
implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
i'm not sure this is the exact right abstraction, but it's a starting point
|
2023-11-18 22:06:42 +00:00 |
|
|
9340d5f391
|
programs: remove explicit default definitions
|
2023-07-03 07:49:44 +00:00 |
|
|
20e2ff1fe7
|
programs: ship wireshark
|
2023-05-10 04:52:12 +00:00 |
|