Expand default path coverage for common tools

2026-05-15 10:08:22 +02:00
parent 3fb0da0577
commit 4babf33439
1 changed files with 11 additions and 0 deletions
@@ -164,9 +164,12 @@ fn add_blacklist_mode(cmd: &mut Command) -> Result<(), SandboxError> {
            "/run/udev",
            "/run/NetworkManager/resolv.conf",
            "/run/media",
+            "/run/utmp",
        ],
    );

+    cmd.arg("--tmpfs").arg("/run/systemd/system");
+
    ensure_parent_dirs(cmd, "/run", &ctx.run_user);
    cmd.arg("--tmpfs").arg(&ctx.run_user);
    let run_user_bus = format!("{}/bus", ctx.run_user);
@@ -204,6 +207,14 @@ fn add_whitelist_mode(
        "/etc/hostname",
        "/etc/localtime",
        "/etc/machine-id",
+        "/etc/os-release",
+        "/etc/lsb-release",
+        "/etc/locale.conf",
+        "/etc/inputrc",
+        "/etc/shells",
+        "/etc/man_db.conf",
+        "/etc/pki",
+        "/etc/timezone",
    ] {
        cmd.args(["--ro-bind-try", path, path]);
    }