infra/localhost
1
0
Fork 0
Code Releases Activity

Implements fhs docker env with ptrace

Browse Source
This commit is contained in:
dump_stack() 2019-07-10 08:10:54 +00:00
parent a3ed0c31f6
commit 35285b632b
Signed by: dump_stack
GPG Key ID: BE44DA8C062D87DC
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security.nix
View File

@ -52,6 +52,10 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(writeShellScriptBin "fhs" "sudo ${fhs}/bin/fhs") (writeShellScriptBin "fhs" "sudo ${fhs}/bin/fhs")
(writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox") (writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox")
(writeShellScriptBin "fhs-ptrace"
("sudo ${pkgs.docker}/bin/docker run -v /home/user:/home/user " +
"--cap-add=SYS_PTRACE --security-opt seccomp=unconfined" +
" -e \"HOST_PWD=$PWD\" -it fhs"))
]; ];
security.wrappers = { security.wrappers = {