diff --git a/nixos.nix b/nixos.nix
index 3b35a5c..5e5593d 100644
--- a/nixos.nix
+++ b/nixos.nix
@@ -123,6 +123,7 @@ in
                           env
                           ;
                         map_real_uid = app.mapRealUid;
+                        no_new_session = app.tty;
                         filesystem =
                           [
                             { src = "/bin"; }
diff --git a/options.md b/options.md
index 18acd56..391c690 100644
--- a/options.md
+++ b/options.md
@@ -36,7 +36,7 @@ package
 
 
 *Default:*
-` <derivation fortify-0.1.0> `
+` <derivation fortify-0.2.1> `
 
 
 
@@ -478,6 +478,30 @@ null or package
 
 
 
+## environment\.fortify\.apps\.\*\.tty
+
+
+
+Whether to enable allow access to the controlling terminal\.
+
+
+
+*Type:*
+boolean
+
+
+
+*Default:*
+` false `
+
+
+
+*Example:*
+` true `
+
+
+
+
 ## environment\.fortify\.apps\.\*\.userns
 
 
diff --git a/options.nix b/options.nix
index 5f0d67f..adf19f4 100644
--- a/options.nix
+++ b/options.nix
@@ -133,6 +133,7 @@ in
               userns = mkEnableOption "userns within the sandbox";
               mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox";
               dev = mkEnableOption "access to all devices within the sandbox";
+              tty = mkEnableOption "allow access to the controlling terminal";
 
               net = mkEnableOption "network access within the sandbox" // {
                 default = true;