sandbox: add module for sandbox profiles
This could be used outside of nix-darwin, but this is mainly useful for
services since all of the inputs are known there.
{
# $ /usr/bin/sandbox-exec -f $profile $coreutils/bin/ls /
# ls: cannot access '/': Operation not permitted
security.sandbox.profiles.example.closure = [ pkgs.coreutils ];
}
This commit is contained in:
Daiderd Jordan
parent
10c34f1277
commit
1e67f6a2bc
2 changed files with 132 additions and 0 deletions
|
|
@ -20,6 +20,7 @@ let
|
|||
packages
|
||||
./modules/alias.nix
|
||||
./modules/security/pki
|
||||
./modules/security/sandbox
|
||||
./modules/system
|
||||
./modules/system/checks.nix
|
||||
./modules/system/activation-scripts.nix
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue