From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 11 Dec 2024 21:21:32 +0000 (+0000)
Subject: Don't do proxy mounts in relaxed sandbox
X-Git-Tag: v25~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2b0f9453106660cb729b788aa472d476da539a8;p=thirdparty%2Fmkosi.git

Don't do proxy mounts in relaxed sandbox

These aren't required in a relaxed sandbox.
---

diff --git a/mkosi/config.py b/mkosi/config.py
index e1aaf05ef..108a47faa 100644
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -2069,12 +2069,14 @@ class Config:
         options: Sequence[PathString] = (),
         setup: Sequence[PathString] = (),
     ) -> AbstractContextManager[list[PathString]]:
-        opt: list[PathString] = [
-            *options,
-            *(["--ro-bind", str(p), "/proxy.cacert"] if (p := self.proxy_peer_certificate) else []),
-            *(["--ro-bind", str(p), "/proxy.clientcert"] if (p := self.proxy_client_certificate) else []),
-            *(["--ro-bind", str(p), "/proxy.clientkey"] if (p := self.proxy_client_key) else []),
-        ]
+        opt: list[PathString] = [*options]
+        if not relaxed:
+            if p := self.proxy_peer_certificate:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.cacert"]
+            if p := self.proxy_client_certificate:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.clientcert"]
+            if p := self.proxy_client_key:
+                opt += ["--ro-bind", os.fspath(p), "/proxy.clientkey"]
 
         if (
             binary