nix-files

Author	SHA1	Message	Date
Colin	f10f1ee7b1	modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells each subshell causes like 5ms just on my laptop, which really adds up. this implementation still forks internally, but doesn't exec. runtime decreases from 150ms -> 90ms for `time librewolf --sane-sandbox-replace-cli true`	2024-02-18 12:08:23 +00:00
Colin	088b6f1b9a	sane-sandboxed: load profiles via $NIX_PROFILES env var	2024-02-12 10:37:26 +00:00
Colin	00f995aec9	fixup landlock-sandboxer to work well for all systems downgrade lappy/desko/servo back to default linux; zfs doesn't support latest build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way	2024-01-31 21:19:10 +00:00
Colin	4319dc58eb	programs: landlock: restrict the capabilities of sandboxed processes	2024-01-27 09:49:51 +00:00
Colin	ef66d2ec72	sane-sandboxed: add support for landlock backend	2024-01-27 03:39:26 +00:00
Colin	6e9220d2bb	programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing	2024-01-23 10:44:13 +00:00
Colin	0ddcfcaa23	sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds	2024-01-23 08:01:23 +00:00
Colin	a4cb6645b4	programs: indirect firejail access through sane-sandboxed	2024-01-23 04:02:31 +00:00
Colin	2492ed2ca7	programs: introduce a sane-sandboxed helper not yet used, but will be soon	2024-01-23 02:29:33 +00:00