From 01d5c9aec1eb411412276d277e59bc2cd1254d8a Mon Sep 17 00:00:00 2001
From: iacore <you@example.com>
Date: Sun, 1 Oct 2023 08:34:34 +0000
Subject: [PATCH] Add some sandboxing

---
 dinit-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dinit-service b/dinit-service
index 56201bc..703088b 100644
--- a/dinit-service
+++ b/dinit-service
@@ -5,7 +5,7 @@
 
 type = process
 # change the following line based on where the executable is
-command = /usr/bin/env PORT=/srv/http/pages/status /opt/status/status
+command = /usr/bin/bwrap --bind / / --tmpfs /home --unshare-all --share-net /opt/status/status
 working-dir = /opt/status
 logfile = $HOME/.log/exozyme-status.log
 load-options = sub-vars