vmspawn: Run with sandbox 2671/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 30 Apr 2024 13:32:11 +0000 (15:32 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 30 Apr 2024 13:40:34 +0000 (15:40 +0200)
Now that we can look up binaries in --extra-search-paths=, we can run
vmspawn with a sandbox as well.

mkosi/vmspawn.py

index 3bab311c1a762307b84785b1f391d0665747f10f..9bc0027c68f42569f11c601acf9ad6feb88c136d 100644 (file)
@@ -102,4 +102,11 @@ def run_vmspawn(args: Args, config: Config) -> None:
 
         cmdline += [*args.cmdline, *config.kernel_command_line_extra]
 
-        run(cmdline, stdin=sys.stdin, stdout=sys.stdout, env=os.environ | config.environment, log=False)
+        run(
+            cmdline,
+            stdin=sys.stdin,
+            stdout=sys.stdout,
+            env=os.environ | config.environment,
+            log=False,
+            sandbox=config.sandbox(binary=cmdline[0], network=True, devices=True, relaxed=True),
+        )
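Review bot: The new `sandbox=config.sandbox(...)` argument turns on `network=True`, `devices=True` and `relaxed=True` together, so a reader cannot tell from this call how much isolation the vmspawn process actually gets or which of the three relaxations is required. A short comment above the `run(` call would make that reviewable, for example `# vmspawn needs host device nodes and networking for the VM; relaxed=True because <reason>`, with the reason filled in by the author. The call also still passes `env=os.environ | config.environment`, so the full host environment reaches the sandboxed process; if that is intentional, the same comment should say so. The body of `run_vmspawn` begins outside this hunk, so how `cmdline[0]` (the value handed to `binary=`) is set cannot be checked from here.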