nix: expose no_new_session in module

Useful for shells and terminal programs like chat clients.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Ophestra 2024-11-28 00:19:06 +09:00
parent b291f0b710
commit 95668ac998
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 27 additions and 1 deletions


@ -123,6 +123,7 @@ in
env env
; ;
map_real_uid = app.mapRealUid; map_real_uid = app.mapRealUid;
no_new_session = app.tty;
filesystem = filesystem =
[ [
{ src = "/bin"; } { src = "/bin"; }
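Review bot: `no_new_session = app.tty;` turns off session isolation for every app that sets `tty`, and nothing on this line tells the reader that. Without a new session the sandboxed process keeps the caller's controlling terminal, which is the condition under which input injection through the TIOCSTI ioctl is possible unless the kernel or a syscall filter blocks it; whether fortify filters that ioctl is not visible in this hunk. I would add a comment above the line, e.g. `# tty = true keeps the caller's session and controlling terminal; enable only for apps trusted with the invoking terminal`, and state the same trade-off in the `tty` option description. The enclosing attribute set starts and ends outside the hunk.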


@ -36,7 +36,7 @@ package
*Default:* *Default:*
` <derivation fortify-0.1.0> ` ` <derivation fortify-0.2.1> `
@ -478,6 +478,30 @@ null or package
## environment\.fortify\.apps\.\*\.tty
Whether to enable allow access to the controlling terminal\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.fortify\.apps\.\*\.userns ## environment\.fortify\.apps\.\*\.userns


@ -133,6 +133,7 @@ in
userns = mkEnableOption "userns within the sandbox"; userns = mkEnableOption "userns within the sandbox";
mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox"; mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox";
dev = mkEnableOption "access to all devices within the sandbox"; dev = mkEnableOption "access to all devices within the sandbox";
tty = mkEnableOption "allow access to the controlling terminal";
net = mkEnableOption "network access within the sandbox" // { net = mkEnableOption "network access within the sandbox" // {
default = true; default = true;