From: Daan De Meyer Date: Tue, 2 Jan 2024 16:11:12 +0000 (+0100) Subject: Unshare fewer namespaces X-Git-Tag: v20~17^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37f0c24ec8f32c4bc6316f537288eaeb2eda7bac;p=thirdparty%2Fmkosi.git Unshare fewer namespaces These were primarily unshared to get the systemd unit test suite passing. Now that the systemd test suite passes even if these are not unshared, let's stop unsharing them as they don't make much sense for the operations were doing and nspawn doesn't run when some of these are unshared.
---
diff --git a/mkosi/bubblewrap.py b/mkosi/bubblewrap.py
index 2a5c75dac..4242d3ecd 100644
--- a/mkosi/bubblewrap.py
+++ b/mkosi/bubblewrap.py
@@ -91,9 +91,6 @@ def bwrap(
 "--bind", "/tmp", "/tmp",
 "--bind", Path.cwd(), Path.cwd(),
 "--chdir", Path.cwd(),
- "--unshare-pid",
- "--unshare-ipc",
- "--unshare-cgroup",
 *(["--unshare-net"] if not network and have_effective_cap(Capability.CAP_NET_ADMIN) else []),
 "--die-with-parent",
 "--proc", "/proc",