From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 2 Jan 2024 12:40:18 +0000 (+0100)
Subject: Stop using bwrap() for systemd-dissect
X-Git-Tag: v20~17^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1befed61d359f57f8ed59c4706671ebeab722a92;p=thirdparty%2Fmkosi.git

Stop using bwrap() for systemd-dissect

systemd-dissect needs to mount stuff in the current mount namespace,
bwrap always creates a new mount namespace, so we can't sandbox
systemd-dissect.
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index ffb26d1f1..69a4cc2fb 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -102,8 +102,8 @@ def mount_base_trees(context: Context) -> Iterator[None]:
                 extract_tar(context, path, d)
                 bases += [d]
             elif path.suffix == ".raw":
-                bwrap(context, ["systemd-dissect", "-M", path, d])
-                stack.callback(lambda: bwrap(context, ["systemd-dissect", "-U", d]))
+                run(["systemd-dissect", "-M", path, d])
+                stack.callback(lambda: run(["systemd-dissect", "-U", d]))
                 bases += [d]
             else:
                 die(f"Unsupported base tree source {path}")