maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

container: optionally isolate host abstract UNIX domain sockets via landlock

Browse Source
This commit is contained in:
Clayton Gilmer
2025-08-18 12:00:52 +09:00
committed by Ophestra
parent 69a4ab8105
commit 5db0714072
17 changed files with 375 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
options.nix
View File

@@ -182,6 +182,7 @@ in
net = mkEnableOption "network access" // {
default = true;
};
abstract = mkEnableOption "abstract unix domain socket access";
nix = mkEnableOption "nix daemon access";
mapRealUid = mkEnableOption "mapping to priv-user uid";