Unshare fewer namespaces

These were primarily unshared to get the systemd unit test suite passing.
Now that the systemd test suite passes even if these are not unshared,
let's stop unsharing them as they don't make much sense for the operations
were doing and nspawn doesn't run when some of these are unshared.

diff --git a/mkosi/bubblewrap.py b/mkosi/bubblewrap.py
index 2a5c75dacec8ef7476c5f7a690ec63ca0577282c..4242d3ecde4ef06ca9dc3943d9f25dc96ad6b18b 100644 (file)
--- a/mkosi/bubblewrap.py
+++ b/mkosi/bubblewrap.py
@@ -91,9 +91,6 @@ def bwrap(
         "--bind", "/tmp", "/tmp",
         "--bind", Path.cwd(), Path.cwd(),
         "--chdir", Path.cwd(),
-        "--unshare-pid",
-        "--unshare-ipc",
-        "--unshare-cgroup",
         *(["--unshare-net"] if not network and have_effective_cap(Capability.CAP_NET_ADMIN) else []),
         "--die-with-parent",
         "--proc", "/proc",