foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 10:58:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

wrapper-manager/sandboxing/bubblewrap: add option for ensuring dying with parent

Browse Source
This commit is contained in:
Gabriel Arazas 2024-07-27 11:46:51 +08:00
parent 34f086a6a5
commit 971d786b81
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/wrapper-manager/sandboxing/bubblewrap/default.nix
View File

@ -45,6 +45,10 @@ let
enableIsolation = lib.mkEnableOption "unsharing most of the system" // { enableIsolation = lib.mkEnableOption "unsharing most of the system" // {
default = if isGlobal then true else cfg.enableIsolation; default = if isGlobal then true else cfg.enableIsolation;
}; };
enableEnsureChildDiesWithParent = lib.mkEnableOption "ensuring child processes die with parent" // {
default = if isGlobal then true else cfg.enableEnsureChildDiesWithParent;
};
}; };
in in
{ {
@ -104,6 +108,9 @@ in
(lib.mkIf submoduleCfg.enableIsolation { (lib.mkIf submoduleCfg.enableIsolation {
sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--unshare-all" ]; sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--unshare-all" ];
}) })
(lib.mkIf submoduleCfg.enableEnsureChildDiesWithParent {
sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--die-with-parent" ];
}) })
]); ]);
}; };