Implements fhs docker env with ptrace

2019-07-10 08:10:54 +00:00 · 2019-07-10 08:10:54 +00:00 · 35285b632b
commit 35285b632b
parent a3ed0c31f6
1 changed files with 4 additions and 0 deletions
--- a/security.nix
+++ b/security.nix
@ -52,6 +52,10 @@ in {
  environment.systemPackages = with pkgs; [
    (writeShellScriptBin "fhs" "sudo ${fhs}/bin/fhs")
    (writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox")
+    (writeShellScriptBin "fhs-ptrace"
+      ("sudo ${pkgs.docker}/bin/docker run -v /home/user:/home/user " +
+       "--cap-add=SYS_PTRACE --security-opt seccomp=unconfined" +
+       " -e \"HOST_PWD=$PWD\" -it fhs"))
  ];

  security.wrappers = {