We need https://github.com/systemd/systemd/issues/35000 to make this
not confusing. Currently there's zero feedback that a user is in a sandbox
shell.
def run_sandbox(args: Args, config: Config) -> None:
- cmdline = args.cmdline or [os.getenv("SHELL", "bash")]
+ if not args.cmdline:
+ die("Please specify a command to execute in the sandbox")
+
mounts = finalize_crypto_mounts(config, relaxed=True)
# Since we reuse almost every top level directory from the host except /usr, the crypto mountpoints
)
run(
- cmdline,
+ args.cmdline,
stdin=sys.stdin,
stdout=sys.stdout,
env=os.environ | {"MKOSI_IN_SANDBOX": "1"},