From 28a93e24f6a33a8254c16c31961d523c71bdb1d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Smr=C5=BE?= <roman.smrz@seznam.cz>
Date: Sat, 5 Jul 2025 18:15:06 +0200
Subject: Isolate filesystems using mount namespace

Recursively bind and set to read-only all the host filesystems and
bind-mount as read-write only the test dir. Provide new writable tmpfs
under /tmp.

Changelog: Make host filesystems read-only for the test process (except for test dir)
---
 erebos-tester.cabal | 1 +
 1 file changed, 1 insertion(+)

(limited to 'erebos-tester.cabal')

diff --git a/erebos-tester.cabal b/erebos-tester.cabal
index 4fa1939..f540d09 100644
--- a/erebos-tester.cabal
+++ b/erebos-tester.cabal
@@ -62,6 +62,7 @@ executable erebos-tester
         Process
         Run
         Run.Monad
+        Sandbox
         Script.Expr
         Script.Expr.Class
         Script.Module
-- 
cgit v1.2.3