Colin
539d9e45a2
they require fundamentally different sandboxing approaches. the daemon *can't* always use bwrap if it wants to run as non-root. meanwhile the CLI tools would mostly *prefer* to run under bwrap. in the long term i'll maybe upstream the systemd sandboxing into nixpkgs, where there looks to be desire for it
8 lines
126 B
Nix
8 lines
126 B
Nix
{ pkgs, ... }:
|
|
{
|
|
sane.programs.nmcli = {
|
|
packageUnwrapped = pkgs.networkmanager-split.nmcli;
|
|
# TODO: sandbox
|
|
};
|
|
}
|