088b6f1b9a
sane-sandboxed: load profiles via $NIX_PROFILES env var
2024-02-12 10:37:26 +00:00
00f995aec9
fixup landlock-sandboxer to work well for all systems
...
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest
build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
4319dc58eb
programs: landlock: restrict the capabilities of sandboxed processes
2024-01-27 09:49:51 +00:00
ef66d2ec72
sane-sandboxed: add support for landlock backend
2024-01-27 03:39:26 +00:00
6e9220d2bb
programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing
2024-01-23 10:44:13 +00:00
0ddcfcaa23
sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds
2024-01-23 08:01:23 +00:00
a4cb6645b4
programs: indirect firejail access through sane-sandboxed
2024-01-23 04:02:31 +00:00
2492ed2ca7
programs: introduce a sane-sandboxed helper
...
not yet used, but will be soon
2024-01-23 02:29:33 +00:00