|
|
864e75afce
|
sanebox: purge
|
2024-10-29 05:59:01 +00:00 |
|
|
|
440db76ddc
|
fix sane-private-unlock sandboxing
|
2024-10-06 07:50:21 +00:00 |
|
|
|
48c81610a5
|
sane.fs: remove public access to the "unit" fields
fs entries soon won't correspond to systemd units, and hence that option's a bit nonsensical
|
2024-09-30 09:10:40 +00:00 |
|
|
|
d7c26b736c
|
remove all users of sane.fs.*.generated (except derived-secrets, that comes later)
this will allow me to reduce the scope of sane.fs, and then optimize it to not create a systemd service per each entry
|
2024-09-28 14:25:40 +00:00 |
|
|
|
31615340a7
|
programs/assorted: remove explicit (and extraneous) sandbox.method = "bunpen" declarations
|
2024-09-21 23:35:06 +00:00 |
|
|
|
1599df26e7
|
/mnt/persist/private: remove unneeded "sandbox.keepPids"
|
2024-09-10 01:09:21 +00:00 |
|
|
|
8ae7e255e5
|
gocryptfs: sandbox with bunpen
|
2024-09-10 00:02:03 +00:00 |
|
|
|
95994de1ad
|
provision-private-key (/run/gocryptfs/private.key): sandbox with bunpen
|
2024-09-09 03:56:55 +00:00 |
|
|
|
3e182b2a06
|
modules/persist: lint
|
2024-09-04 13:13:14 +00:00 |
|
|
|
020e5f8c6e
|
/mnt/persist/private: split waiting on the keyfile out of the mount process
|
2024-08-06 02:03:55 +00:00 |
|
|
|
809c3af7fa
|
/mnt/persist/private: minor improvements to file permissions
|
2024-08-06 01:26:53 +00:00 |
|
|
|
93cb1bc546
|
/mnt/persist/private: sandbox in a way that the actual gocryptfs instance doesn't get CAP_SYS_ADMIN
|
2024-08-06 00:52:48 +00:00 |
|
