diff options
| -rw-r--r-- | modules/security/sandbox/default.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/security/sandbox/default.nix b/modules/security/sandbox/default.nix index bd8050f..6f47720 100644 --- a/modules/security/sandbox/default.nix +++ b/modules/security/sandbox/default.nix @@ -11,6 +11,7 @@ let options = { profile = mkOption { type = types.lines; + internal = true; apply = text: pkgs.runCommandNoCC "sandbox.sb" {} '' for f in $(< ${config.closure}/store-paths); do storePaths+="(subpath \"$f\")" @@ -44,6 +45,7 @@ let allowSystemPaths = mkOption { type = types.bool; default = false; + description = "Whether to allow read access to FHS paths like /etc and /var."; }; allowLocalNetworking = mkOption { |