]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
Don't do proxy mounts in relaxed sandbox
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 11 Dec 2024 21:21:32 +0000 (21:21 +0000)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 12 Dec 2024 10:18:37 +0000 (10:18 +0000)
These aren't required in a relaxed sandbox.

mkosi/config.py

index e1aaf05efb79a42035820cc55a0c6074c6ef889c..108a47faa0b79f646518055e90a9c77b1e2d9273 100644 (file)
@@ -2069,12 +2069,14 @@ class Config:
         options: Sequence[PathString] = (),
         setup: Sequence[PathString] = (),
     ) -> AbstractContextManager[list[PathString]]:
-        opt: list[PathString] = [
-            *options,
-            *(["--ro-bind", str(p), "/proxy.cacert"] if (p := self.proxy_peer_certificate) else []),
-            *(["--ro-bind", str(p), "/proxy.clientcert"] if (p := self.proxy_client_certificate) else []),
-            *(["--ro-bind", str(p), "/proxy.clientkey"] if (p := self.proxy_client_key) else []),
-        ]
+        opt: list[PathString] = [*options]
+        if not relaxed:
+            if p := self.proxy_peer_certificate:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.cacert"]
+            if p := self.proxy_client_certificate:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.clientcert"]
+            if p := self.proxy_client_key:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.clientkey"]
 
         if (
             binary