From 35285b632b2dcdcf4f5c6434615e0ca4814483ee Mon Sep 17 00:00:00 2001
From: Mikhail Klementev
Date: Wed, 10 Jul 2019 08:10:54 +0000
Subject: [PATCH] Implements fhs docker env with ptrace
---
 security.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/security.nix b/security.nix
index ad6e563..2a6bf89 100644
--- a/security.nix
+++ b/security.nix
@@ -52,6 +52,10 @@ in {
 environment.systemPackages = with pkgs; [
 (writeShellScriptBin "fhs" "sudo ${fhs}/bin/fhs")
 (writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox")
+ (writeShellScriptBin "fhs-ptrace"
+ ("sudo ${pkgs.docker}/bin/docker run -v /home/user:/home/user " +
+ "--cap-add=SYS_PTRACE --security-opt seccomp=unconfined" +
+ " -e \"HOST_PWD=$PWD\" -it fhs"))
 ];
 security.wrappers = {
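Review bot: The added `fhs-ptrace` entry passes `--security-opt seccomp=unconfined`, which turns off Docker's whole default syscall filter instead of permitting only ptrace. On recent Docker releases the default seccomp profile already allows `ptrace` and the related `process_vm_*` calls once `CAP_SYS_PTRACE` is added, so the second added string can probably shrink to `"--cap-add=SYS_PTRACE" +`. If an older engine needs more, a dedicated profile file is narrower than `unconfined`. The container is started through `sudo` with `/home/user` bind-mounted read-write, so a process inside it (root unless the image sets a user) can change the home directory with weaker isolation than the plain `fhs` wrapper; a comment such as `# debugging only: ptrace-capable container, weaker isolation than fhs` above the entry would record that. The sudo rules that decide who may run this command are outside the hunk, so whether it is passwordless cannot be checked here.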