From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 9 Jan 2024 09:26:03 +0000 (+0100)
Subject: Unshare IPC namespace when not in relaxed mode
X-Git-Tag: v20~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2255%2Fhead;p=thirdparty%2Fmkosi.git

Unshare IPC namespace when not in relaxed mode

Otherwise tests in the sandbox will think they have access to IPC
stuff when they actually don't.

Fixes #2256
---

diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index e574fd4b9..0e1921d02 100644
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -95,7 +95,10 @@ def sandbox_cmd(
     if relaxed:
         cmdline += ["--bind", "/tmp", "/tmp"]
     else:
-        cmdline += ["--tmpfs", "/tmp"]
+        cmdline += [
+            "--tmpfs", "/tmp",
+            "--unshare-ipc",
+        ]
 
     if (tools / "nix/store").exists():
         cmdline += ["--bind", tools / "nix/store", "/nix/store"]