redox/config/x86_64/desktop-contain.toml

# Desktop configuration using the Contain sandbox

include = ["../desktop.toml"]

# Override the default settings here

# General settings
[general]
# Filesystem size in MiB
# filesystem_size = 1024

# Package settings
[packages]
# example = {}

# Override orbital init to use contain_orblogin
[[files]]
path = "/usr/lib/init.d/20_orbital"
data = """
requires_weak 10_net.target 20_audiod.service
nowait VT=3 orbital contain_orblogin launcher
"""

# Override console init to use contain
[[files]]
path = "/usr/lib/init.d/30_console"
data = """
requires_weak 20_orbital
nowait getty --contain 2
nowait getty --contain /scheme/debug/no-preserve -J
"""

[[files]]
path = "/etc/contain.toml"
data = """
pass_schemes = ["rand", "null", "tcp", "udp", "thisproc", "pty", "orbital", "display.vesa"]
sandbox_schemes = ["file"]
files = ["file:/dev/null"]
rofiles = ["file:/etc/passwd", "file:/etc/hostname", "file:/etc/localtime"]
dirs = ["file:/tmp"]
rodirs = ["file:/bin", "file:/ui"]
"""