colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
9,091 Commits 141 Branches 1 Tag
a72bc90e901b8801c881c99a162348bdacc18e1c
Commit Graph

18 Commits

Author SHA1 Message Date
Colin
864e75afce sanebox: purge 2024-10-29 05:59:01 +00:00
Colin
61df81291b refactor: optimize eval time 
lifting `let` bindings up where possible helps reduce the number of thunks nix has to allocate. this patch only does that by 0.3%-ish, though
 2024-10-01 03:54:44 +00:00
Colin
208b634040 programs/sandboxing: add required args to use pasta 2024-09-21 12:21:11 +00:00
Colin
8979ff0eec bunpen: plumb pasta related arguments into make-sandboxed 
for testing only: these options don't yet have the intended effect
 2024-09-19 23:54:43 +00:00
Colin
3ef98a5ab3 modules/programs: support "sandbox.keepIpc = true" 2024-09-07 22:10:11 +00:00
Colin
8255e419be modules/programs: rename "keepUsers" -> "tryKeepUsers" 2024-09-06 06:32:49 +00:00
Colin
ce7a082447 modules/programs: plum sandbox.keepPids and whitelistPwd into bunpen 2024-09-03 02:25:28 +00:00
Colin
737df8c10e modules/programs: plumb capabilities into bunpen sandboxer 2024-08-30 20:36:11 +00:00
Colin
f26f13ddf3 bunpen: bind "safe"-ish /de items 2024-08-29 20:13:37 +00:00
Colin
14929c1102 programs: plum --bunpen-autodetect into modules/programs API 2024-08-28 11:37:18 +00:00
Colin
b9fc61e627 modules/programs: plumb bunpen's home/run path binds 2024-08-27 20:36:31 +00:00
Colin
3417a9fd3f sanebox: remove the portal logic, and delegate it to manual handling by those few apps which truly need special casing 
it's a questionable responsibility to give to the sandbox itself (unless i also have the sandbox do things like dbus proxying, someday). and it will make the bunpen implementation simpler
 2024-08-27 11:00:15 +00:00
Colin
c86d893a2c modules/programs: sandbox: allow method = "bunpen" 2024-08-23 16:00:31 +00:00
Colin
effec38a99 modules/programs: sandbox: introduce an interface which will allow for sandboxers other than sanebox 2024-08-23 16:00:31 +00:00
Colin
7b1bc210fd sanebox: integrate with pasta (passt) for better net sandboxing 2024-05-25 09:39:18 +00:00
Colin
ffe599e5cb sanebox: rename --sanebox-net to --sanebox-net-dev 2024-05-25 08:13:35 +00:00
Colin
b5502ea401 sanebox: remove --sanebox-cache-symlink flag 2024-05-15 23:59:38 +00:00
Colin
348837ff4a programs: sandboxing: replace profiles with raw CLI args 2024-05-15 09:13:20 +00:00