bundlewrap/bundles/left4me/files/etc/left4me/sandbox-resolv.conf at c6caf2a1cf532cc675778840689daaba28891621 - cronekorkn/bundlewrap - Forgejo: Beyond coding. We Forge.

cronekorkn/bundlewrap

CroneKorkN 6db792ce6a

left4me: vendor privileged helpers + sudoers/sysctl/sandbox-resolv

Copied verbatim from left4me/deploy/files/. Helpers are the trust unit
the sudoers rules grant access to; left as static files (not generated)
so the audit trail stays grep-able. Modes/owners are set via items.py
in the next commit.

2026-05-10 17:10:17 +02:00

6 lines

330 B

Text

Raw Blame History

 # Sandbox-only resolver config — bind-mounted into script-overlay sandboxes
 # at /etc/resolv.conf. The host's resolver (often a private/LAN DNS server)
 # is unreachable from inside the sandbox because IPAddressDeny= blocks
 # egress to RFC1918 / loopback. Public resolvers keep DNS working.
 nameserver 1.1.1.1
 nameserver 8.8.8.8