From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 30 Apr 2024 13:32:11 +0000 (+0200)
Subject: vmspawn: Run with sandbox
X-Git-Tag: v23.1~82^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2671%2Fhead;p=thirdparty%2Fmkosi.git

vmspawn: Run with sandbox

Now that we can look up binaries in --extra-search-paths=, we can run
vmspawn with a sandbox as well.
---

diff --git a/mkosi/vmspawn.py b/mkosi/vmspawn.py
index 3bab311c1..9bc0027c6 100644
--- a/mkosi/vmspawn.py
+++ b/mkosi/vmspawn.py
@@ -102,4 +102,11 @@ def run_vmspawn(args: Args, config: Config) -> None:
 
         cmdline += [*args.cmdline, *config.kernel_command_line_extra]
 
-        run(cmdline, stdin=sys.stdin, stdout=sys.stdout, env=os.environ | config.environment, log=False)
+        run(
+            cmdline,
+            stdin=sys.stdin,
+            stdout=sys.stdout,
+            env=os.environ | config.environment,
+            log=False,
+            sandbox=config.sandbox(binary=cmdline[0], network=True, devices=True, relaxed=True),
+        )